mozilla -- heap overflow in NNTP handler

2004-12-29T00:00:00
ID 3FBF9DB2-658B-11D9-ABAD-000A95BC6FAE
Type freebsd
Reporter FreeBSD
Modified 2004-12-29T00:00:00

Description

Maurycy Prodeus reports a critical vulnerability in Mozilla-based browsers:

Mozilla browser supports NNTP urls. Remote side is able to trigger news:// connection to any server. I found a flaw in NNTP handling code which may cause heap overflow and allow remote attacker to execute arbitrary code on client machine.