Mozilla Products Host: Buffer Overflow Denial of Service String

ID EDB-ID:1204
Type exploitdb
Reporter Tom Ferris
Modified 2005-09-09T00:00:00


Mozilla Products (Host:) Buffer Overflow Denial of Service String. Dos exploits for multiple platform


Mozilla Firefox <= 1.0.6 (Host:) Buffer Overflow DoS String
Formatted for your tesing /str0ke

Tom Ferris

Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)

Technical Details:
The problem seems to be when a hostname which has all dashes causes the
NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true,
but is sets encHost to an empty string.  Meaning, Firefox appends 0 to
approxLen and then appends the long string of dashes to the buffer
instead.  The following HTML code below will reproduce this issue:

<A HREF=https:--------------------------------------------- >


<A HREF=https:­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­ >

# [2005-09-09]