TCH-Thomas Posted December 30, 2004 Posted December 30, 2004 Secunia (http://secunia.com/advisories/13687/)writes Maurycy Prodeus has reported a vulnerability in Mozilla, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "MSG_UnEscapeSearchUrl()" function in "nsNNTPProtocol.cpp" when processing NNTP URIs. This can be exploited via e.g. a malicious web site to cause a heap-based buffer overflow when referencing a specially crafted, overly long "news://" URI. Successful exploitation may allow execution of arbitrary code. The vulnerability has been reported in version 1.7.3 and prior. Solution: Update to version 1.7.5. Please note: This affects Mozilla not Firefox as far as I can tell. Quote
TCH-Thomas Posted December 30, 2004 Author Posted December 30, 2004 Well, we can not only nag about I.E´s vulnerabilities. Quote
Sheila Posted December 30, 2004 Posted December 30, 2004 Thanks Thomas - Mozilla is one of the browsers I use to test my designs, so I'd rather not be open to hackers while I do!! Downloading the latest version even as I type Quote
Deverill Posted December 31, 2004 Posted December 31, 2004 Well, we can not only nag about I.E´s vulnerabilities. <{POST_SNAPBACK}> The funny thing is, how many times is the solution to an IE vulnerability to "use the latest version"? Quote
borfast Posted December 31, 2004 Posted December 31, 2004 I find it strange that Mozilla still didn't say anything about this... :| Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.