FreeBSD : firefox & mozilla -- buffer overflow vulnerability (8665ebb9-2237-11da-978e-0001020eed82)

Nessus Plugin ID 21463 (Severity: High)

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Tom Ferris reports:

A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions which allows for an attacker to remotely execute arbitrary code on an affected host.

The problem seems to be when a hostname which has all dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but it sets encHost to an empty string. Meaning, Firefox appends 0 to approxLen and then appends the long string of dashes to the buffer instead.

Note: It is possible to disable IDN support as a workaround to protect against this buffer overflow. How to do this is described on the "What Firefox and Mozilla users should know about the IDN buffer overflow security issue" web page.

Solution

Update the affected packages.

See Also

https://marc.info/?l=full-disclosure&m=112624614008387

https://www.mozilla.org/en-US/security/idn.html

https://bugzilla.mozilla.org/show_bug.cgi?id=307259

https://www.mozilla.org/en-US/security/advisories/mfsa2005-57/

http://www.nessus.org/u?bf3b87c1

Plugin Details

Severity: High

ID: 21463

File Name: freebsd_pkg_8665ebb9223711da978e0001020eed82.nasl

Version: 1.20

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-netscape, p-cpe:/a:freebsd:freebsd:fr-netscape7, p-cpe:/a:freebsd:freebsd:pt_br-netscape7, p-cpe:/a:freebsd:freebsd:mozilla-embedded, p-cpe:/a:freebsd:freebsd:zhtw-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:phoenix, p-cpe:/a:freebsd:freebsd:mozilla-thunderbird, p-cpe:/a:freebsd:freebsd:de-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:fr-linux-netscape, p-cpe:/a:freebsd:freebsd:ja-netscape7, p-cpe:/a:freebsd:freebsd:mozilla-gtk2, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:netscape7, p-cpe:/a:freebsd:freebsd:firefox, p-cpe:/a:freebsd:freebsd:ja-linux-netscape, p-cpe:/a:freebsd:freebsd:ja-linux-mozillafirebird-gtk1, p-cpe:/a:freebsd:freebsd:mozilla-firebird, p-cpe:/a:freebsd:freebsd:de-netscape7, p-cpe:/a:freebsd:freebsd:linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:mozilla, p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:ja-mozillafirebird-gtk2, p-cpe:/a:freebsd:freebsd:el-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:linux-mozilla, p-cpe:/a:freebsd:freebsd:de-linux-netscape, p-cpe:/a:freebsd:freebsd:mozilla-gtk, p-cpe:/a:freebsd:freebsd:mozilla-gtk1, p-cpe:/a:freebsd:freebsd:ru-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:linux-mozilla-devel, p-cpe:/a:freebsd:freebsd:zhcn-linux-mozillafirebird, p-cpe:/a:freebsd:freebsd:mozilla%2bipv6, p-cpe:/a:freebsd:freebsd:linux-phoenix

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/10/2005

Vulnerability Publication Date: 9/8/2005

Reference Information

CVE: CVE-2005-2871

BID: 14784

CERT: 573857