
New vulnerability in Firefox 1.0.6 and 1.5 Beta 1

  • 10-09-2005 10:23pm
    #1
    Registered Users, Registered Users 2 Posts: 1,464 ✭✭✭


    I'm sure a lot of the people who read this forum have seen this already, but here goes anyway.

    Simple yet very effective buffer overflow bug vulnerability found in FF 1.0.6 (probably all 1.0.x) releases and Beta 1.5.

    originally posted here

    Technical Details:
    The problem seems to be when a hostname which has all dashes causes the NormalizeIDN
    call in nsStandardURL::BuildNormalizedSpec to return true, but it sets encHost to an
    empty string. Meaning, Firefox appends 0 to approxLen and then appends the long
    string of dashes to the buffer instead. The following HTML code below will reproduce
    this issue:

    A HREF=https:


    I'm assuming that this is already being exploited since it would take all of 10 seconds to post a URL somewhere.

    Mozilla have a fix/workaround

    hope this doesn't annoy anyone.
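
The Technical Details quoted in the post describe a length-accounting mismatch: the size estimate is taken from one string (the empty encHost) while the bytes appended come from another (the original host). The C sketch below is an added example, not part of the original post and not Mozilla's code; `normalize_host`, `reserved_flawed`, `bytes_needed`, `build_spec` and the sample hostname are hypothetical names and constructed input used to model that mismatch and one way to avoid it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCHEME "https://"
#define ENC_CAP 256

/* Constructed sample input: a hostname made only of dashes. */
static const char DASH_HOST[] = "--------------------------------";

/* Hypothetical stand-in for an IDN normalizer (not Mozilla's code): for an
   all-dash host it reports success but leaves the output empty. */
static int normalize_host(const char *host, char *enc, size_t cap) {
    size_t n = strlen(host);
    if (n > 0 && strspn(host, "-") == n) { enc[0] = '\0'; return 1; }
    if (n >= cap) return 0;              /* does not fit: report failure */
    memcpy(enc, host, n + 1);            /* identity for every other host */
    return 1;
}

/* Flawed accounting: the length estimate is taken from the encoded host... */
size_t reserved_flawed(const char *host) {
    char enc[ENC_CAP];
    size_t approx = strlen(SCHEME) + 1;  /* scheme plus terminating NUL */
    approx += normalize_host(host, enc, sizeof enc) ? strlen(enc) : strlen(host);
    return approx;
}

/* ...while the bytes actually emitted come from the original host. */
size_t bytes_needed(const char *host) {
    return strlen(SCHEME) + strlen(host) + 1;
}

/* Hardened: choose the string to emit once, then size and copy from that
   same string. "Success" with empty output counts as a normalizer failure. */
char *build_spec(const char *host) {
    char enc[ENC_CAP];
    const char *use = host;
    if (normalize_host(host, enc, sizeof enc) && enc[0] != '\0') use = enc;
    size_t need = strlen(SCHEME) + strlen(use) + 1;
    char *out = malloc(need);
    if (out) snprintf(out, need, "%s%s", SCHEME, use);
    return out;                          /* caller frees; NULL on OOM */
}

int main(void) {
    printf("reserved=%zu needed=%zu\n",
           reserved_flawed(DASH_HOST), bytes_needed(DASH_HOST));
    char *s = build_spec(DASH_HOST);
    if (s) { puts(s); free(s); }
    return 0;
}
```

The gap between `reserved_flawed` and `bytes_needed` for the all-dash host is the number of bytes that would land past the end of a buffer sized from the estimate.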

