Firefox Remote Exploit

  • Thread starter dduardo
dduardo
Staff Emeritus


Firefox URL Domain Name Buffer Overflow

Rating: Highly Critical

http://secunia.com/advisories/16764/

See if you're vulnerable by clicking the following link (Note: Firefox might crash):

http://www.security-protocols.com/firefox-death.html [Broken]

Depending on your Firefox setup, this may or may not affect you. This did not affect me (Gentoo Linux, FF 1.06 compiled with fstack-protector-all).

Solution:

1) In the url bar go to about:config
2) Click on network.enableIDN to set to false

[edit] Mozilla has been planning to disable IDN for some time now since it is a broken standard. The patch Mozilla will be releasing shortly will disable IDN for good. You can actually go to Mozilla's Bugzilla and download the xpi patch.

https://bugzilla.mozilla.org/attachment.cgi?id=195467
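
To confirm the workaround on disk rather than through about:config, this added example (not part of the original post or of Mozilla's patch) reads a profile's prefs.js and user.js and reports the state of network.enableIDN. It assumes Firefox's usual `user_pref("name", value);` line format; the profile directories and their contents are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

PREF = "network.enableIDN"
# Non-default prefs are stored one per line as: user_pref("name", value);
LINE = re.compile(
    r'^\s*user_pref\(\s*"' + re.escape(PREF) + r'"\s*,\s*(true|false)\s*\)\s*;',
    re.M,
)


def read_pref(path):
    """Return True/False for the last setting of PREF in one file, None if absent."""
    if not path.is_file():
        return None
    hits = LINE.findall(path.read_text(encoding="utf-8", errors="replace"))
    return (hits[-1] == "true") if hits else None


def idn_status(profile_dir):
    """Classify a profile; user.js is applied over prefs.js at startup, so it wins."""
    profile = Path(profile_dir)
    for name in ("user.js", "prefs.js"):
        value = read_pref(profile / name)
        if value is not None:
            return ("enabled" if value else "disabled", name)
    # Assumption: an absent pref means the built-in default, which leaves IDN on.
    return ("enabled", "default")


def demo():
    """Build three constructed profiles and classify each one."""
    samples = {
        "patched": {"prefs.js": 'user_pref("network.enableIDN", false);\n'},
        "untouched": {"prefs.js": 'user_pref("browser.startup.page", 1);\n'},
        "overridden": {
            "prefs.js": 'user_pref("network.enableIDN", false);\n',
            "user.js": 'user_pref("network.enableIDN", true);\n',
        },
    }
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for label, files in samples.items():
            profile = Path(root) / label
            profile.mkdir()
            for fname, body in files.items():
                (profile / fname).write_text(body, encoding="utf-8")
            results[label] = idn_status(profile)
    return results
```

The "overridden" case is the one to watch for: a user.js that sets the pref back to true undoes the change made in about:config on the next start.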
 

Answers and Replies

cronxeh
Gold Member
It's kinda weird it tries to download a file from NOAA's website

and the line in that file says

Matt Foster - SHV 1.2e
 
dduardo
Staff Emeritus
What are you talking about? The patch? The patch comes straight from bugzilla.mozilla.org.
 
Monique
Staff Emeritus
Science Advisor
Gold Member
dduardo said:
Solution:

1) In the url bar go to about:config
2) Click on network.enableIDN to set to false
And how do I set it to false?
 
hypnagogue
Staff Emeritus
Science Advisor
Gold Member
Monique said:
And how do I set it to false?
Does that mean you're using Firefox now? :surprised

Just double click it and it should be set to false.
 
FredGarvin
Science Advisor
Thanks for the heads up Dduardo. I had to change it.
 
Monique
Staff Emeritus
Science Advisor
Gold Member
hypnagogue said:
Does that mean you're using Firefox now? :surprised
*Shhhhhhhht!*


Actually, I found a skin that solved some critical problems I had.

Just double click it and it should be set to false.
Right, next time I should just go to sleep at 3 am.
 
508
1
dduardo said:
See if you're vulnerable by clicking the following link (Note: Firefox might crash):

http://www.security-protocols.com/firefox-death.html [Broken]
I use Firefox 1.0.6 on winXPsp2 and network.enableIDN is set to true, but the link does not crash Firefox; it just gives me an empty page.
 