Closed Bug 307722 Opened 19 years ago Closed 19 years ago

Secunia SA16764 URL Domain Name Buffer Overflow

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
critical

VERIFIED DUPLICATE of bug 307259

People

(Reporter: TechMason, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4

From http://secunia.com/advisories/16764/

Tom Ferris has discovered a vulnerability in Firefox, which can be exploited by
malicious people to cause a DoS (Denial of Service) or potentially to compromise
a user's system.

The vulnerability is caused due to an error in the handling of a URL that
contains the 0xAD character in its domain name. This can be exploited to cause a
heap-based buffer overflow.

Successful exploitation crashes Firefox and may potentially allow code execution
but requires that the user is tricked into visiting a malicious web site or opening
a specially crafted HTML file.

The vulnerability has been confirmed in version 1.0.6, and is reported to affect
versions prior to 1.0.6, and version 1.5 Beta 1.

Reproducible: Always

Steps to Reproduce:
1. Visit a site with the 0xAD character in its domain name

Actual Results:  
Crash with the potential to allow code execution

Expected Results:  
No crash and no potential to allow code execution

*** This bug has been marked as a duplicate of 307259 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Group: security
Tom Ferris himself reported that he already filed a bug:
<http://security-protocols.com/advisory/sp-x17-advisory.txt>. There's no reason
to report this again.
Status: RESOLVED → VERIFIED
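For triage on unpatched builds, a defender can look for the trigger condition the advisory names, a 0xAD character in the domain name, in proxy or mail-gateway logs. The following is an added example, not code from this bug or from Mozilla. The function names and sample lines are constructed, and it assumes 0xAD may arrive as a raw Latin-1 byte, as UTF-8 U+00AD, or percent-encoded.

```python
import re
from urllib.parse import unquote_to_bytes

# Added illustration; every name and sample line here is constructed.
URL_RE = re.compile(rb"https?://[^\s\"'<>]+", re.IGNORECASE)

def host_bytes(url: bytes) -> bytes:
    """Return the host part of a URL as raw bytes, percent-decoded."""
    rest = url.split(b"://", 1)[1]
    authority = re.split(rb"[/?#]", rest, maxsplit=1)[0]
    host = authority.rsplit(b"@", 1)[-1]   # drop userinfo
    host = host.split(b":", 1)[0]          # drop port (IPv6 literals not handled)
    return unquote_to_bytes(host)

def has_soft_hyphen(host: bytes) -> bool:
    """True if the host contains the 0xAD character (U+00AD).

    A plain byte search would also match UTF-8 letters such as
    'í' (C3 AD), so decode first: UTF-8 if valid, else Latin-1.
    """
    try:
        text = host.decode("utf-8")
    except UnicodeDecodeError:
        text = host.decode("latin-1")
    return "\u00ad" in text

def flag_lines(lines):
    """Return (line_number, host) for every URL whose host contains 0xAD."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in URL_RE.finditer(line):
            host = host_bytes(m.group(0))
            if has_soft_hyphen(host):
                hits.append((n, host))
    return hits

# Constructed sample log lines (bytes, as read from a log file in binary mode).
SAMPLE = [
    b"GET http://www.example.test/index.html",
    b"GET http://exam\xadple.test/",           # raw Latin-1 0xAD in host
    b"GET http://exam\xc2\xadple.test/a",      # UTF-8 encoded U+00AD in host
    b"GET http://exam%ADple.test/",            # percent-encoded 0xAD in host
    b"GET http://m\xc3\xado.test/",            # UTF-8 'i-acute': byte AD, not U+00AD
    b"GET http://www.example.test/?q=%AD",     # 0xAD only in the query string
]

if __name__ == "__main__":
    for n, host in flag_lines(SAMPLE):
        print(f"line {n}: host {host!r} contains 0xAD")
```

Read logs in binary mode so the raw byte is not lost or replaced by the decoder before the check runs.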