{"vuid":"VU#573857","idnumber":"573857","name":"Mozilla-based browsers contain a buffer overflow in handling URIs containing a malformed IDN hostname","keywords":["Mozilla","Firefox","Netscape","arbitrary code execution","buffer overflow","URI","URL","dashes","soft hyphen","Unicode"],"overview":"A vulnerability in the way Mozilla products and derivative programs handle certain malformed URIs could allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Mozilla products, including the Mozilla Suite, and Mozilla Firefox are vulnerable to a buffer overflow in the way they handle URIs containing certain IDN encoded hostnames. An error in the conversion of a hostname consisting of Unicode \"soft hyphen\" characters (U+00AD) to the UTF-8 character set will cause a buffer overflow. By convincing a user to view an HTML document (e.g., via a web page or email message), an attacker could execute arbitrary code with the privileges of the user running the vulnerable application. Note:  Exploit code for this vulnerability is publicly available.","impact":"A remote attacker may be able to execute arbitrary code on a vulnerable system. The code would be executed in the context of the user running the vulnerable browser. In some instances, exploitation may only cause the browser to crash, resulting in a denial of service.","resolution":"Upgrade The Mozilla project has released version 1.0.7 of the Firefox web browser which includes a patch for this issue. Firefox users are encouraged to upgrade to this version of the software. The Mozilla project has also released version 1.7.12 of the Mozilla Suite product which includes a patch for this issue. Mozilla Suite users are encouraged to upgrade to this version of the software.","workarounds":"Workarounds Disable the use of IDN Mozilla and Firefox users are encouraged to consider disabling IDN. While implementing this workaround does not correct the buffer overflow error, it prevents the vulnerable portion of code from being exploited. This can be accomplished by adding the following line to the prefs.js file: user_pref(\"network.enableIDN\", false); or by following these steps: Open the browser, type about:config into the location bar, and hit enter. In the \"Filter\" dialog box, enter \"network.enableIDN\" (without the quotation marks) and hit enter. A single Preference Name should appear in the results. Double-click on the result. In Firefox, this will toggle the value from true to false. In Mozilla, this will open a dialog box titled \"Enter boolean value.\"  Enter \"false\" into this box and hit enter.","sysaffected":"","thanks":"This vulnerability was reported by Tom Ferris.","author":"This document was written by Chad Dougherty and Will Dormann.","public":["http://www.mozilla.org/security/idn.html","http://www.security-protocols.com/modules.php?name=News&file=article&sid=2910","http://security-protocols.com/advisory/sp-x17-advisory.txt","http://secunia.com/advisories/16764/","http://secunia.com/advisories/16766/","http://secunia.com/advisories/16767/","https://bugzilla.mozilla.org/show_bug.cgi?id=307259","http://www.securityfocus.com/bid/14784","http://xforce.iss.net/xforce/xfdb/22207","http://www.frsirt.com/english/advisories/2005/1690","http://www.ciac.org/ciac/bulletins/p-303.shtml"],"cveids":["CVE-2005-2871"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-09-09T14:23:24Z","publicdate":"2005-09-09T00:00:00Z","datefirstpublished":"2005-09-09T20:20:22Z","dateupdated":"2005-09-23T18:29:22Z","revision":34,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"17","cam_easeofexploitation":"8","cam_attackeraccessrequired":"20","cam_scorecurrent":"19.125","cam_scorecurrentwidelyknown":"22.95","cam_scorecurrentwidelyknownexploited":"38.25","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":19.125,"vulnote":null}