Closed Bug 307722 Opened 19 years ago Closed 19 years ago

Secunia SA16764 URL Domain Name Buffer Overflow

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 307259

People

(Reporter: TechMason, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 From http://secunia.com/advisories/16764/ Tom Ferris has discovered a vulnerability in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a user's system. The vulnerability is caused due to an error in the handling of an URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow. Successful exploitation crashes Firefox and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or open a specially crafted HTML file. The vulnerability has been confirmed in version 1.0.6, and is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1. Reproducible: Always Steps to Reproduce: 1.Visit a site with the 0xAD character in its domain name Actual Results: Crash with the potential to allow code execution Expected Results: No crash and no potential to allow code execution
*** This bug has been marked as a duplicate of 307259 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Group: security
Tom Ferris himself reported that he already filed a bug : <http://security-protocols.com/advisory/sp-x17-advisory.txt>. There's no reason to report this again.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.