RE: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox
From: Juha-Matti Laurio (juha-matti.laurio_at_netti.fi)
Date: 09/15/05
- Previous message: Gadi Evron: "Re: [Full-disclosure] Exploiting an online store"
- Maybe in reply to: Peter Kruse: "RE: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox"
- Next in thread: milw0rm Inc.: "Re: [Full-disclosure] FireFox Host: Buffer Overflow is not just exploitable on FireFox"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 15 Sep 2005 03:29:48 +0300 (EEST)
To: pkr@csis.dk
> Hi Juha!
>
> > I have informed the vendor Netscape being affected on 9th
> > September 2005.
>
> I did the same on the 10th of September - still no reply nor official
> statement from Netscape which makes me a little worried.
Good to know. It seems that's their way to act.
They had a coverage Security Center wp.netscape.com/security/index.html
earlier, but all these wp.netscape.com pages redirect to Netscape
Browser 8.0 Main Page when writing this.
> > Disabling IDN support via about:config (or prefs.js file) is
> > possible in Netscape Browser 8 too. Xpi file for Firefox and
>
> Correct. I reported that workaround on the 10th of September.
>
> I did so using both the security address at netscape.com and the "submission
> form" on Netscape's official webpage. I never got any reply/response from
> netscape.
Yes, I have similar experiences. I have information that they are
reading their bug report submissions, however.
> Netscape uses the same rendering engine as Firefox (unless explicitly told
> to use IE) and as such, will also be vulnerable. The workaround, covered by
> the Mozilla Team, will correct the problem simply by disabling IDN.
>
> Regards
> Peter Kruse
Thanks for sharing the word.
- Juha-Matti
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/