Mozilla Foundation Security Advisory 2008-37

2008-09-29T00:00:00
ID SECURITYVULNS:DOC:20585
Type securityvulns
Reporter Securityvulns
Modified 2008-09-29T00:00:00

Description

Mozilla Foundation Security Advisory 2008-37

Title: UTF-8 URL stack buffer overflow Impact: Critical Announced: September 23, 2008 Reporter: Justin Schuh, Tom Cross, Peter William Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey 1.1.12 Description

Justin Schuh and Tom Cross of the IBM X-Force and Peter Williams of IBM Watson Labs reported errors in Mozilla URL parsing routines. These errors could be exploited using a specially crafted UTF-8 URL in a hyperlink which could overflow a stack buffer and allow an attacker to execute arbitrary code.

Firefox 3 is not affected by this issue References

* https://bugzilla.mozilla.org/show_bug.cgi?id=443288
* https://bugzilla.mozilla.org/show_bug.cgi?id=451617
* CVE-2008-0016