
A New Exploit for Mozilla Browsers

  • Posted: September 27, 2005
  • Threat category: Uncategorized
  • Author: Virus analyst

Berend-Jan Wever, aka “Skylined”, has released exploit code for the IDN host name heap buffer overrun vulnerability in Mozilla browsers (Firefox, Mozilla, and Netscape). You can find the source code of the exploit here:


http://www.milw0rm.com/id.php?id=1224

These two lines are worth noticing in the exploit code.


One sploit to rule them all, One sploit to find them,
One sploit to bring them all and to port 28876 bind them.

If successful, the exploit will set up a listening port at 28876. The exploit was tested to work in Firefox 1.0.6.

Skylined is already known for his InternetExploiter series of exploits against MS IE and the Alpha 2 alphanumeric shellcode encoder, among others.

Firefox fix

Firefox 1.0.7 has been released to address this vulnerability and is now available for download at the Mozilla Foundation homepage. MozillaZine also issued a security bulletin announcing the release of the Firefox fix. To quote the bulletin:


“The Mozilla Foundation previously issued a patch for Firefox 1.0.6 that protected users against the IDN link buffer overflow flaw at the expense of removing support for IDNs. Firefox 1.0.7 has a more permanent solution that does not involve disabling IDN functionality and any users who installed the patch will find that IDN support is restored when they upgrade.”

  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.