TCH-Thomas Posted December 30, 2004 Share Posted December 30, 2004 Secunia (http://secunia.com/advisories/13687/)writes Maurycy Prodeus has reported a vulnerability in Mozilla, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "MSG_UnEscapeSearchUrl()" function in "nsNNTPProtocol.cpp" when processing NNTP URIs. This can be exploited via e.g. a malicious web site to cause a heap-based buffer overflow when referencing a specially crafted, overly long "news://" URI. Successful exploitation may allow execution of arbitrary code. The vulnerability has been reported in version 1.7.3 and prior. Solution: Update to version 1.7.5. Please note: This affects Mozilla not Firefox as far as I can tell. Quote Link to comment Share on other sites More sharing options...
borfast Posted December 30, 2004 Share Posted December 30, 2004 Thanks, Thomas! Quote Link to comment Share on other sites More sharing options...
Madmanmcp Posted December 30, 2004 Share Posted December 30, 2004 Thanks Thomas, you beat me to it Quote Link to comment Share on other sites More sharing options...
TCH-Thomas Posted December 30, 2004 Author Share Posted December 30, 2004 Well, we can not only nag about I.E´s vulnerabilities. Quote Link to comment Share on other sites More sharing options...
Madmanmcp Posted December 30, 2004 Share Posted December 30, 2004 LOL well we probably could... Quote Link to comment Share on other sites More sharing options...
Sheila Posted December 30, 2004 Share Posted December 30, 2004 Thanks Thomas - Mozilla is one of the browsers I use to test my designs, so I'd rather not be open to hackers while I do!! Downloading the latest version even as I type Quote Link to comment Share on other sites More sharing options...
Deverill Posted December 31, 2004 Share Posted December 31, 2004 Well, we can not only nag about I.E´s vulnerabilities. <{POST_SNAPBACK}> The funny thing is, how many times is the solution to an IE vulnerability to "use the latest version"? Quote Link to comment Share on other sites More sharing options...
borfast Posted December 31, 2004 Share Posted December 31, 2004 I find it strange that Mozilla still didn't say anything about this... :| Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.