New vulnerability in Mozilla

An attacker could use a security hole in the popular browser to launch malicious code.

This Content Component encountered an error

An attacker could use a fresh vulnerability in Mozilla to cause a heap-based buffer overflow and launch malicious code, according to two security organizations. Users are advised to update to version 1.7.5.

The security hole, discovered by Maurycy Prodeus of iSec Security Research, is labeled "highly critical" by Danish security firm Secunia.

In its advisory, Secunia said the problem is caused by "a boundary error in the 'MSG_UnEscapeSearchUrl()' function in 'nsNNTPProtocol.cpp' when processing NNTP URIs." This can be exploited by a malicious Web site to cause a heap-based buffer overflow when referencing a specially crafted, overly long "news://" URI, the firm said.

A successful attacker could use the exploit to transmit malicious code. The vulnerability has been reported in version 1.7.3 and prior, but is fixed in version 1.7.5.

To paraphrase the World Wide Web Consortium, Internet space is inhabited by many points of content. A URI (Uniform Resource Identifier; pronounced YEW-AHR-EYE) is the way you identify any of those points of content, whether it be a page of text, a video or sound clip, a still or animated image, or a program. The most common form of URI is the Web page address, which is a particular form or subset of URI called a Uniform Resource Locator (URL). A URI typically describes:

  • The mechanism used to access the resource;
  • The specific computer that the resource is housed in; and
  • The specific name of the resource (a file name) on the computer.

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close