Mozilla Buffer Overflow in Processing NNTP URLs Lets Remote Users Execute Arbitrary Code

Version(s): 1.7.3
 
Description:  A heap overflow vulnerability was reported in Mozilla in the processing of NNTP URLs. A remote user can execute arbitrary code on the target system.

Maurycy Prodeus of iSEC Security Research reported that a remote user can create a specially crafted ‘news://’ URL that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target user’s system. The code will run with the privileges of the target user.

The flaw resides in the MSG_UnEscapeSearchUrl() function in ‘nsNNTPProtocol.cpp’.

The original advisory is available at: http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
 
Impact:  A remote user can create a URL that, when loaded by the target user, will execute arbitrary code on the target user’s system with the privileges of the target user.
 
Solution:  The vendor has issued a fixed version (1.7.5), available at: http://www.mozilla.org/products/mozilla1.x/

http://securitytracker.com/alerts/2004/Dec/1012726.html
