RSS

Bugging Out Firefox

John Stith
Staff Writer
2005-09-15

Insider Reports RSS Feed

Last week, Mozilla and Netscape became aware of a vulnerability in their browsers regarding IDNs. This marks multiple problems with IDNs the browsers have had and this seems to have been a real problem for the organizations.

A recent conversation with white hat Tom Ferris shed some light on the subject. According to Ferris, he discovered the vulnerability a few weeks ago and began his standard process of testing and researching the problem. He sent his information to Netscape and Mozilla on September 4th. While he received no response from Netscape, Mozilla did respond. Ferris added he had given all his information to Mozilla, along with documentation and research.

Ferris said during our conversation he developed an exploit within few hours for Win32. On September 6th, Ferris made the information public and on Mozilla 9th released a configuration change, disabling the IDN browser. At this point, they've also distributed a patch that will make those changes for the Firefox user.

Buffer overflow problems occur when programs allow data to be written beyond the limit allocated by the buffer in memory. These problems make it easy enough for nasty code to sneak into your computer with a bit of an overload.

He also commented that when he initially submitted all his information to Mozilla, they seemed at odds and he felt put out by them. This helped him decide to go on and make the announcement. Ferris commented they he used Firefox and firmly believes in the open source movement, he's also found problems in Internet Explorer and Microsoft has always "treated him more like a professional." He said he felt the folks over at Mozilla treated him more like a kid. That's what made him decide to announce the information himself. He put it on his Security Protocols site and pushed it through the Full Disclosure security mailing list. CNET commented that Mozilla was not to happy with the publicity and would've preferred to have kept the vulnerability private.

The vulnerability itself is in the buffer overflow that would remote access and hackers could execute code and that's when he toyed with it and got into Win32. Another individual based in Europe created a vulnerability in Linux.

Overall, this seems to saying something larger about Mozilla. They seem to have real problems mastering the IDN because earlier in the summer, they faced a spoofing problem with the browser as well. It's a fundamental flaw in the design of the thing and Firefox and other browsers using similar architecture will remain in danger as until the problem fixed permanently. There's no word on whether or not they have fixed the problem for their new beta or if it will be fixed before the official launch.

About the Author:
John is a staff writer for SecurityProNews covering cyber security.

More news_security_news Articles

Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Featured On:

article resources

WebProWorld.com

•	Get in-touch with industry experts and leaders
•	Post your site for review by expert and peers
•	Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com


Titan Quest Forum The #1 Titan Quest forum
Halo 3 Forum The best Halo, Halo 2, Halo 3 forum
Nintendo Wii Nintendo Wii news and views
Mac Software The best in OS X freeware
Graphics Forum Your source for graphic tutorials