PwnZilla 5 Exploits IDN Link Buffer Overflow (MozillaZine)

[Posted September 22, 2005 by cook]

MozillaZine reports that a recently developed Firefox IDN link buffer overflow vulnerability exploit has been developed. "The PwnZilla 5 code takes advantage of the international domain name (IDN) link buffer overflow flaw, details of which were published earlier this month. The weblog post says that the exploit code "could let attackers take complete control over computers cruising the Web with unpatched versions of the Firefox Internet browser". Previous public exploits for the vulnerability have been basic proof-of-concepts that simply crash the browser."

PwnZilla 5 Exploits IDN Link Buffer Overflow (MozillaZine)

Posted Sep 22, 2005 22:11 UTC (Thu) by jwb (guest, #15467) [Link] (1 responses)

The article (and this one) fails to mention the work-around: go to URL about:config and disable network.enableIDN.

PwnZilla 5 Exploits IDN Link Buffer Overflow (MozillaZine)

Posted Sep 23, 2005 0:06 UTC (Fri) by rm6990 (guest, #30921) [Link]

Or else upgrade to Firefox 1.0.7/Mozilla 1.7.12 :)

Both contain a patch for the problem.