Home > Exploits > Browser/E-mail > Mozilla Firefox IDN Host Buffer Overflow

Vulnerability: Mozilla Firefox IDN Host Buffer Overflow

Alternate: Domain Name Remote Buffer Overflow Vulnerability

Bugtraq ID: 14784

CVE: CAN-2005-2871

US-CERT: 573857

Credit: Tom Ferris

Vulnerable: Mozilla, Firefox, Thunderbird, Netscape

Patch: A vendor-supplied patch and workaround is available which simply temporarily disables IDN

An attacker could remotely execute code on a vulnerable system because of an exploitable buffer overflow vulnerability found in all versions of Firefox.  This vulnerability can be exploited by giving Firefox a very long url made up of dashes.  Firefox is vulnerable due to the way it handles the International Domain Name (IDN) feature for web pages not using the standard Latin alphabet characters.

Copyright (c) 2005, 2008  A. Ryan Robbins.  All Rights Reserved.