Mozilla irc: URI Handler DoS

2003-11-26T09:13:03
ID OSVDB:2863
Type osvdb
Reporter OSVDB
Modified 2003-11-26T09:13:03

Description

Vulnerability Description

The Mozilla IRC application Chatzilla contains a flaw that may allow a remote denial of service. The issue is triggered when an overly long irc: URI string is sent, and results in loss of availability for the service.

Technical Description

The flaw resides in the js3250.dll file on the Windows platform. It is not known whether the flaw exists on other operating systems. The flaw has been confirmed in Mozilla 1.4 and 1.5 and in Chatzilla 0.9.35 and 0.9.48, but may exist in other versions as well.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: filtering overly long irc: requests.
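One way to apply that workaround at a content gateway, shown as an added example that is not part of the original advisory: it rewrites `href`/`src` attributes whose value decodes to an over-long irc: URI. The function names and the 512-character limit are assumptions, since the advisory gives no length threshold.

```python
import html
import re

# Assumed limit: the advisory states no threshold, so tune this per deployment.
MAX_IRC_URI_LEN = 512

# href/src attributes with double-quoted, single-quoted or bare values.
_ATTR = re.compile(
    r"""(?P<name>\b(?:href|src))\s*=\s*(?:"(?P<dq>[^"]*)"|'(?P<sq>[^']*)'|(?P<bare>[^\s>]+))""",
    re.IGNORECASE,
)
# Whitespace and control characters that may be used to disguise the scheme.
_STRIP = re.compile(r"[\x00-\x20]+")


def is_long_irc_uri(value, max_len=MAX_IRC_URI_LEN):
    """True if an attribute value decodes to an irc: URI longer than max_len."""
    decoded = html.unescape(value)       # irc&#58;... becomes irc:...
    compact = _STRIP.sub("", decoded)    # used only to recognise the scheme
    # Length is measured on the decoded value, padding included (conservative).
    return compact.lower().startswith("irc:") and len(decoded) > max_len


def filter_irc_uris(markup, max_len=MAX_IRC_URI_LEN):
    """Return (sanitized_markup, blocked_count) with over-long irc: links neutralized."""
    blocked = 0

    def _replace(match):
        nonlocal blocked
        value = match.group("dq") or match.group("sq") or match.group("bare") or ""
        if not is_long_irc_uri(value, max_len):
            return match.group(0)        # leave ordinary links untouched
        blocked += 1
        return f'{match.group("name")}="#"'

    return _ATTR.sub(_replace, markup), blocked


if __name__ == "__main__":
    # Constructed sample input, not taken from the advisory.
    sample = (
        '<a href="irc://irc.example.org/channel">ok</a>'
        '<a href="IRC&#58;//' + "A" * 2000 + '">long</a>'
    )
    clean, count = filter_irc_uris(sample)
    print(count, clean)
```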

References:

Secunia Advisory ID: 10292

ISS X-Force ID: 13849

Generic Informational URL: http://www.mozilla.org/

Bugtraq ID: 9104