Friday, September 09, 2005

Mozilla Firefox Link Buffer Overflow Allows Arbitrary Code Execution

CNET News.com is reporting that details of an unpatched buffer overflow flaw in Mozilla Firefox have been made public. The security vulnerability is caused by a bug in the way long links with dashes are handled and is reported to allow an attacker to execute arbitrary code on a victim's system.

The problem was discovered by security researcher Tom Ferris and published on the Security Protocols website yesterday. The Security Protocols advisory refers to the flaw as the Mozilla Firefox "Host:" Buffer Overflow and states that it is present in Firefox 1.0.6 and Firefox 1.5 Beta 1. The advisory features some extremely simple sample exploit code, which will crash Firefox if it's included in a webpage.

The French Security Incident Response Team (FrSIRT) has published two advisories relating to the security vulnerability. The Mozilla Browsers "Host:" Parameter Remote Buffer Overflow advisory warns that the flaw affects both Mozilla Firefox and the latest version of the Mozilla Application Suite, while the Netscape "Host:" Parameter Remote Buffer Overflow Vulnerability advisory states that Netscape Browser 8.0 is also affected.

According to the News.com article, Ferris reported the flaw to the Mozilla Foundation on Sunday, in line with the Mozilla security bugs policy. However, he decided to make the vulnerability public "after a run-in with Mozilla staff".

Thanks to roseman for the link to the News.com article, Juha-Matti Laurio and Padraig O'hIceadha for the link to the Security Protocols documentation and Juha-Matti Laurio again for the links to the FrSIRT advisories.
