CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 99.5%
Tom Ferris reports:
A buffer overflow vulnerability exists within Firefox
version 1.0.6 and all other prior versions which allows
for an attacker to remotely execute arbitrary code on an
affected host.
The problem seems to be when a hostname which has all
dashes causes the NormalizeIDN call in
nsStandardURL::BuildNormalizedSpec to return true, but it
sets encHost to an empty string. Meaning, Firefox appends
0 to approxLen and then appends the long string of dashes
to the buffer instead.
Note: It is possible to disable IDN
support as a workaround to protect against this buffer
overflow. How to do this is described on the "What Firefox
and Mozilla users should know about the IDN buffer overflow
security issue" web page.
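
The length-accounting mismatch described in the report, as an added example (a simplified model written for this page, not Mozilla's code): the buffer budget is taken from the encoded host while the append step falls back to the original host. The names normalize_host, planned_len, written_len and append_host_checked are hypothetical, and the pass-through behaviour for other hosts is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical normalizer modelling the reported behaviour: it returns
 * success for an all-dash host but hands back an empty encoded host.
 * Passing other hosts through unchanged is an assumption of this model. */
static int normalize_host(const char *host, const char **enc) {
    int all_dashes = host[0] != '\0' && strspn(host, "-") == strlen(host);
    *enc = all_dashes ? "" : host;
    return 1;
}

/* Length budgeted for the host: the encoded length on success. */
size_t planned_len(const char *host) {
    const char *enc;
    return normalize_host(host, &enc) ? strlen(enc) : strlen(host);
}

/* Length the append step writes: an empty encoded host falls back to
 * the original host, which was never counted in planned_len(). */
size_t written_len(const char *host) {
    const char *enc;
    normalize_host(host, &enc);
    return enc[0] != '\0' ? strlen(enc) : strlen(host);
}

/* Hardened append: choose the source string once, then check that same
 * string against the buffer capacity. Returns 0 on success, -1 if it
 * does not fit (including the terminating NUL). */
int append_host_checked(char *buf, size_t cap, const char *host) {
    const char *enc;
    const char *src = (normalize_host(host, &enc) && enc[0] != '\0') ? enc : host;
    size_t n = strlen(src);
    if (n >= cap)
        return -1;
    memcpy(buf, src, n + 1);
    return 0;
}

int main(void) {
    const char *host = "----------------";   /* constructed sample input */
    char buf[8];
    /* Budget and write sizes disagree; the checked append refuses. */
    return (planned_len(host) != written_len(host) &&
            append_host_checked(buf, sizeof buf, host) == -1) ? 0 : 1;
}
```

The fix pattern is to size and copy from the same string, and to bound the copy by the destination capacity rather than by an earlier estimate.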