Mozilla Patches Firefox IDN Buffer Overflow

Filed in: Mozilla, Security — September 13th, 2005

FirefoxMozilla Firefox released patch for the International Domain Name (IDN) buffer overflow vulnerability.

The vulnerability, which was reported by security researcher Tom Ferris to the Mozilla team earlier this week, concerns the International Domain Name (IDN) feature that Mozilla products use to process Web pages that do not use Latin alphabet characters in their names.

Links pointing to a host with a long name composed entirely of dashes can be crafted so that Firefox will execute arbitrary code of an attacker’s choosing, meaning that an attacker theoretically could use the flaw to take control of a user’s machine.

No code that actually exploits this vulnerability has yet been seen, but all versions of Mozilla Firefox and the Mozilla Suite are affected, according to the Mozilla team. The vulnerability even includes version 1.5 Beta 1 (Deer Park Alpha 2), which was released on Thursday.

[ Yahoo! News ]

IDN buffer overflow fixes

[tags]firefox[/tags]

Like this post? Please share:

Follow @liewcf on Twitter; Join Facebook page; Subscribe to free newsletter for updates like this article..

What do you think? No Responses to “Mozilla Patches Firefox IDN Buffer Overflow”

Comments Feed | TrackBack URL

Comments are closed.

Comments are closed. Submit your comment here

t