Message-ID: <email address hidden>
Date: Fri, 31 Dec 2004 15:31:32 -0500
From: Joey Hess <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: CAN-2004-1316: DOS due to Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp
Package: mozilla-browser
Version: 2:1.7.3-5
Severity: grave
Our mozilla is vulnerable to CAN-2004-1316:
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for
Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service
(application crash) via an NNTP URL (news:) with a trailing '\' (backslash)
character, which prevents a string from being NULL terminated.
Apparently the hole can only be used to crash mozilla, not execute arbitrary
code. Details here.
http://marc.theaimsgroup.com/?l=bugtraq&m=110436284718949&w=2
-- 
see shy jo
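
The failure mode in the report (an escape introducer as the last byte of the input), handled safely in an added C example. This is not Mozilla's code and not part of the original message; the function name and the assumed escape format (a backslash followed by two hex digits) are hypothetical.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c)
{
    if (isdigit(c)) return c - '0';
    c = (unsigned char)tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/*
 * Hypothetical decoder (not Mozilla's code). Assumed escape format: '\'
 * followed by exactly two hex digits. Returns a malloc'd NUL-terminated
 * string, or NULL on allocation failure or malformed input.
 *
 * The unsafe pattern: after seeing '\', consume the next two bytes
 * unconditionally. With input ending in '\', the first consumed byte is the
 * terminator itself, so the loop's "stop at NUL" test never sees it and the
 * copy runs past the end of both source and destination buffers.
 */
char *unescape_search_term(const char *src)
{
    size_t len = strlen(src);
    char *out = malloc(len + 1);   /* output is never longer than input */
    size_t i = 0, o = 0;

    if (out == NULL)
        return NULL;
    while (i < len) {
        if (src[i] != '\\') {
            out[o++] = src[i++];
            continue;
        }
        /* Need two more bytes before the terminator, both hex digits. */
        int hi = (len - i >= 3) ? hex_val((unsigned char)src[i + 1]) : -1;
        int lo = (hi >= 0) ? hex_val((unsigned char)src[i + 2]) : -1;
        if (lo < 0 || (hi == 0 && lo == 0)) { /* truncated, non-hex or \00 */
            free(out);
            return NULL;
        }
        out[o++] = (char)(hi * 16 + lo);
        i += 3;
    }
    out[o] = '\0';
    return out;
}
```

Indexing against a length computed once, rather than advancing a pointer until a NUL is seen, is what keeps a truncated escape from stepping over the terminator.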