Closed Bug 425769 Opened 18 years ago Closed 15 years ago

HTTP_Favorites_Icon_Overflow

Product/Component: Firefox :: Security
Type: defect
Version: 2.0 Branch
Platform: x86, Windows XP
Priority: Not set
Severity: minor
Status: RESOLVED INCOMPLETE
Reporter: Nithyakalyani.Swaminathan
Assignee: Unassigned

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Build Identifier:

Accessing a webpage with malformed favorites icon inhibits further access to internet.

Reproducible: Always

Steps to Reproduce:
1. Install ISS RealSecure Desktop Protector
2. Access website with many favorites icons, e.g. www.xe.com

Actual Results:
Internet access inhibited. ISS Realsecure Desktop protector logged critical error HTTP_Favorites_Icon_Overflow - [Unauthorized Access Attempt] This signature detects when you visit a Web site that provides a "favorites icon" that has a suspicious format. This includes an icon that contains a large number of images or an icon with one or more overlapping images. These icons can overflow a buffer in some older browsers allowing the server to take control of the client.

Expected Results:
Resolve this vulnerability. This issue was resolved in Microsoft IE 5.01.
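The signature text quoted in the report names two conditions: an icon with a large number of images, and an icon whose images overlap. As an added example (not part of the original report, and not the ISS product's logic), this Python check reads an ICO file's directory (6-byte ICONDIR followed by 16-byte ICONDIRENTRY records) and reports both conditions; the `MAX_IMAGES` threshold, the function names and the sample files built by `build_ico` are assumptions constructed here.

```python
import struct

MAX_IMAGES = 32  # assumed threshold; the page gives no number for "large"

def check_ico(data, max_images=MAX_IMAGES):
    """Return findings for an ICO/CUR directory; an empty list means none."""
    if len(data) < 6:
        return ["truncated header"]
    # ICONDIR: reserved (0), type (1 = icon, 2 = cursor), image count
    reserved, ftype, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or ftype not in (1, 2):
        return ["not an ICO/CUR file"]
    findings = []
    if count > max_images:
        findings.append(f"large image count: {count}")
    dir_end = 6 + 16 * count
    if dir_end > len(data):
        findings.append("directory extends past end of file")
        count = (len(data) - 6) // 16  # only parse entries that are present
    spans = []
    for i in range(count):
        # ICONDIRENTRY: the last two fields are data size and file offset
        *_, size, offset = struct.unpack_from("<BBBBHHII", data, 6 + 16 * i)
        if offset < dir_end:
            findings.append(f"entry {i}: data overlaps the directory")
        if offset + size > len(data):
            findings.append(f"entry {i}: data runs past end of file")
        spans.append((offset, offset + size, i))
    # Sweep by start offset, tracking the furthest end seen so far
    prev_end, prev_idx = 0, None
    for start, end, idx in sorted(spans):
        if prev_idx is not None and start < prev_end:
            findings.append(f"entries {prev_idx} and {idx}: image data overlaps")
        if end > prev_end:
            prev_end, prev_idx = end, idx
    return findings

def build_ico(entries, payload_len):
    """Constructed sample file; entries is a list of (size, offset) pairs."""
    out = struct.pack("<HHH", 0, 1, len(entries))
    for size, offset in entries:
        out += struct.pack("<BBBBHHII", 16, 16, 0, 0, 1, 32, size, offset)
    return out + b"\x00" * payload_len

if __name__ == "__main__":
    print(check_ico(build_ico([(64, 38), (64, 70)], 128)))
```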
Severity: normal → minor
Version: unspecified → 2.0 Branch
This bug was reported on Firefox 2.x or older, which is no longer supported and will not be receiving any more updates. I strongly suggest that you update to Firefox 3.6.3 or later, update your plugins (flash, adobe, etc.), and retest in a new profile. If you still see the issue with the updated Firefox, please post here. Otherwise, please close as RESOLVED > WORKSFORME
http://www.mozilla.com
http://support.mozilla.com/kb/Managing+profiles
http://support.mozilla.com/kb/Safe+mode
No reply, INCOMPLETE. Please retest with Firefox 3.6.x or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest Firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INCOMPLETE