Technical Description

A vulnerability has been identified in Mozilla Firefox and Mozilla Suite, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error in the "NormalizeIDN" function when handling malformed URLs containing "soft hyphen" characters (0xAD) embedded in an HTML tag (e.g. "A HREF"), which could be exploited by remote attackers to take complete control of an affected system via specially crafted Web pages.

Affected Products

Mozilla Firefox version 1.0.6 and prior
Mozilla Firefox version 1.5 Beta 1 and prior
Mozilla Suite version 1.7.11 and prior
Mozilla Thunderbird version 1.0.6 and prior

Solution

Upgrade to Mozilla Firefox 1.0.7 or Mozilla Suite 1.7.12 :
http://www.mozilla.org/products/
Upgrade to Mozilla Thunderbird 1.0.7 :
http://www.mozilla.org/products/thunderbird/
Disable IDN support automatically by installing this temporary fix :
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi
Or manually by entering "about:config" in the location bar, and then setting "network.enableIDN" to "false".

References

http://www.vupen.com/english/advisories/2005/1690
http://www.security-protocols.com/advisory/sp-x17-advisory.txt
https://bugzilla.mozilla.org/show_bug.cgi?id=307259
http://www.mozilla.org/security/idn.html

Credits

Vulnerability reported by Tom Ferris

ChangeLog

2005-09-09 : Initial release
2005-09-09 : Updated Solution
2005-09-09 : Updated References
2005-09-09 : Temporary fix available (307259.xpi)
2005-09-21 : Updated Solution (Firefox 1.0.7)
2005-09-22 : Updated Solution (Mozilla 1.7.12)
2005-10-01 : Updated Solution (Thunderbird 1.0.7)

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.