Berend-Jan Wever, aka “Skylined”, has released exploit code for the IDN host name heap buffer overrun vulnerability in Mozilla browsers. Mozilla browsers include Firefox, Mozilla, and Netscape. You can find the source code of the exploit here.
http://www.milw0rm.com/id.php?id=1224
These two lines are worth noticing in the exploit code.
One sploit to rule them all, One sploit to find them,
One sploit to bring them all and to port 28876 bind them.
If successful, the exploit will set up a listener on port 28876. The exploit was tested to work in Firefox 1.0.6.
Skylined was previously known for his InternetExploiter series of exploits against MS IE and the Alpha 2 alphanumeric shellcode encoder, among others.
Firefox fix
Firefox 1.0.7 has been released to address this vulnerability, and is now available for download at the Mozilla Foundation homepage. MozillaZine also issued a security bulletin announcing the release of the Firefox fix. To quote the bulletin:
“The Mozilla Foundation previously issued a patch for Firefox 1.0.6 that protected users against the IDN link buffer overflow flaw at the expense of removing support for IDNs. Firefox 1.0.7 has a more permanent solution that does not involve disabling IDN functionality and any users who installed the patch will find that IDN support is restored when they upgrade.”