Mozilla.Firefox.Domain.Handling.Buffer.Overflow
Description
This indicates an attack attempt against a buffer-overflow vulnerability in Mozilla Firefox and Thunderbird.
The vulnerability is caused by an error when the vulnerable software handles a crafted hostname. It allows a remote attacker to execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD).
Affected Products
Gain Access, remote code execution.
Impact
Mozilla Firefox version 1.0.6 and prior
Mozilla Firefox version 1.5 Beta 1 and prior
Mozilla Suite version 1.7.11 and prior
Mozilla Thunderbird version 1.0.6 and prior
Netscape version 8.0.3.3 and prior
Recommended Actions
Upgrade to Mozilla Firefox 1.0.7 or Mozilla Suite 1.7.12 :
http://www.mozilla.org/products/
Upgrade to Mozilla Thunderbird 1.0.7 :
http://www.mozilla.org/products/thunderbird/
Disable IDN support automatically by installing this temporary fix :
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi
Upgrade to Netscape version 8.0.4 :
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-03-13 | 14.572 | Sig Added |