CVSS2

* Attack Vector: NETWORK
* Attack Complexity: LOW
* Authentication: NONE
* Confidentiality Impact: PARTIAL
* Integrity Impact: PARTIAL
* Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

* Percentile: 99.5%
A vulnerability in the way Mozilla products and derivative programs handle certain malformed URIs could allow a remote attacker to execute arbitrary code on a vulnerable system.
Mozilla products, including the Mozilla Suite and Mozilla Firefox, are vulnerable to a buffer overflow in the way they handle URIs containing certain IDN encoded hostnames. An error in the conversion of a hostname consisting of Unicode “soft hyphen” characters (U+00AD) to the UTF-8 character set will cause a buffer overflow. By convincing a user to view an HTML document (e.g., via a web page or email message), an attacker could execute arbitrary code with the privileges of the user running the vulnerable application.
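A detection sketch for the condition described above, added here as an example and not part of the original advisory: it extracts URL-bearing attributes from an HTML document and reports hostnames that contain U+00AD, whether written literally, as an HTML entity, or percent-encoded. The function name, the attribute set and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

SOFT_HYPHEN = "\u00ad"
URL_ATTRS = {"href", "src", "action"}  # assumed set of attributes worth checking


class _LinkCollector(HTMLParser):
    """Collects attribute values that carry URLs (entities already decoded)."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append(value)


def soft_hyphen_hosts(html_text):
    """Return (escaped_host, soft_hyphen_count, host_is_only_soft_hyphens)."""
    collector = _LinkCollector()
    collector.feed(html_text)
    findings = []
    for url in collector.urls:
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed netloc: nothing to classify
            continue
        if not host:                # relative link, no hostname
            continue
        host = unquote(host)        # %C2%AD decodes to U+00AD
        count = host.count(SOFT_HYPHEN)
        if count:
            only = host.strip(SOFT_HYPHEN + ".") == ""
            findings.append((host.encode("unicode_escape").decode(), count, only))
    return findings


# Constructed sample input, not taken from any real page or exploit.
SAMPLE_HTML = (
    '<a href="https://www.example.test/index.html">ok</a>'
    '<a href="http://exam&shy;ple.test/">entity form</a>'
    '<img src="http://%C2%AD%C2%AD%C2%AD/x.png">'
    '<a href="/relative/path">relative</a>'
)

if __name__ == "__main__":
    for finding in soft_hyphen_hosts(SAMPLE_HTML):
        print(finding)
```
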
Note: Exploit code for this vulnerability is publicly available.
A remote attacker may be able to execute arbitrary code on a vulnerable system. The code would be executed in the context of the user running the vulnerable browser. In some instances, exploitation may only cause the browser to crash, resulting in a denial of service.
Upgrade
The Mozilla project has released version 1.0.7 of the Firefox web browser which includes a patch for this issue. Firefox users are encouraged to upgrade to this version of the software.
The Mozilla project has also released version 1.7.12 of the Mozilla Suite product which includes a patch for this issue. Mozilla Suite users are encouraged to upgrade to this version of the software.
Workarounds
Disable the use of IDN
Mozilla and Firefox users are encouraged to consider disabling IDN. While implementing this workaround does not correct the buffer overflow error, it prevents the vulnerable portion of code from being exploited. This can be accomplished by adding the following line to the prefs.js file:
user_pref("network.enableIDN", false);
or by following these steps:

1. Type about:config into the location bar, and hit enter.
2. Type “network.enableIDN” (without the quotation marks) and hit enter.
3. Change the value from true to false. In Mozilla, this will open a dialog box titled “Enter boolean value.” Enter “false” into this box and hit enter.
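To verify that the workaround above is actually in place across profiles, the following added example (not part of the original advisory) parses prefs.js files and reports the state of network.enableIDN. The function names and the sample file are constructed for illustration, and the code assumes that the last assignment in a file wins.

```python
import os
import re

PREF_NAME = "network.enableIDN"  # preference named in the workaround
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
USER_PREF = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)


def idn_pref_state(prefs_text):
    """Classify network.enableIDN as 'disabled', 'enabled' or 'unset'."""
    state = "unset"  # unset means the workaround has not been applied
    text = BLOCK_COMMENT.sub("", prefs_text)
    # Lines starting with // or # never match, so commented-out prefs are ignored.
    for name, value in USER_PREF.findall(text):
        if name == PREF_NAME:  # assumption: a later line overrides an earlier one
            state = "disabled" if value == "false" else "enabled"
    return state


def audit_profiles(root):
    """Map every prefs.js found under root to its network.enableIDN state."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if "prefs.js" in files:
            path = os.path.join(dirpath, "prefs.js")
            with open(path, encoding="utf-8", errors="replace") as fh:
                results[path] = idn_pref_state(fh.read())
    return results


# Constructed sample: a prefs.js in which the workaround line is present.
SAMPLE_PREFS = '''# Mozilla User Preferences
/* Do not edit this file. */
user_pref("browser.startup.homepage", "http://www.example.test/");
// user_pref("network.enableIDN", true);
user_pref("network.enableIDN", false);
'''

if __name__ == "__main__":
    print(idn_pref_state(SAMPLE_PREFS))
```

Any profile reported as 'unset' or 'enabled' still reaches the vulnerable IDN code path and needs either the workaround or the upgrade.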
Updated: September 19, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The Fedora Project has released the following update notifications in response to this issue:
* [FEDORA-2005-871](<https://www.redhat.com/archives/fedora-announce-list/2005-September/msg00038.html>)
* [FEDORA-2005-872](<https://www.redhat.com/archives/fedora-announce-list/2005-September/msg00039.html>)
* [FEDORA-2005-873](<https://www.redhat.com/archives/fedora-announce-list/2005-September/msg00040.html>)
* [FEDORA-2005-874](<https://www.redhat.com/archives/fedora-announce-list/2005-September/msg00041.html>)
Users are encouraged to review these notices and apply the appropriate patches that they refer to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23573857 Feedback>).
Updated: September 19, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The Gentoo Linux security team has published Gentoo Linux Security Advisory GLSA 200509-11 in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
Notified: September 09, 2005 Updated: September 09, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The Mozilla Foundation Security Team has published preliminary solution information in the following document:
What Mozilla users should know about the IDN buffer overflow security issue
Updated: September 16, 2005
Affected
`This issue affects the Firefox browser as shipped in Red Hat Enterprise
Linux 4, and the Mozilla browser in Red Hat Enterprise Linux 2.1, 3, and
4. Updated Firefox and Mozilla packages to correct this issue are
available at the URL below and by using the Red Hat Network ‘up2date’
tool.
<http://rhn.redhat.com/errata/CAN-2005-2871.html>`
The vendor has not provided us with any further information regarding this vulnerability.
Updated: September 16, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The Ubuntu Linux security team has published Ubuntu Security Notice USN-181-1 in response to this issue. Users are encouraged to review this notice and apply the patches that it refers to.
This vulnerability was reported by Tom Ferris.
This document was written by Chad Dougherty and Will Dormann.
CVE IDs: | CVE-2005-2871 |
---|---|
Severity Metric: | 19.13 |
Date Public: | |
secunia.com/advisories/16764/
secunia.com/advisories/16766/
secunia.com/advisories/16767/
security-protocols.com/advisory/sp-x17-advisory.txt
www.ciac.org/ciac/bulletins/p-303.shtml
www.frsirt.com/english/advisories/2005/1690
www.mozilla.org/security/idn.html
www.security-protocols.com/modules.php?name=News&file=article&sid=2910
www.securityfocus.com/bid/14784
xforce.iss.net/xforce/xfdb/22207
bugzilla.mozilla.org/show_bug.cgi?id=307259