Article

New vulnerability in Mozilla

Bill Brenner, News Writer

An attacker could use a fresh vulnerability in Mozilla to cause a heap-based buffer overflow and launch malicious code, according to two security organizations. Users are advised to update to version 1.7.5.

The security hole, discovered by Maurycy Prodeus of iSec Security Research,

    Requires Free Membership to View

is labeled "highly critical" by Danish security firm Secunia.

In its advisory, Secunia said the problem is caused by "a boundary error in the 'MSG_UnEscapeSearchUrl()' function in 'nsNNTPProtocol.cpp' when processing NNTP URIs." This can be exploited by a malicious Web site to cause a heap-based buffer overflow when referencing a specially crafted, overly long "news://" URI, the firm said.

A successful attacker could use the exploit to transmit malicious code. The vulnerability has been reported in version 1.7.3 and prior, but is fixed in version 1.7.5.

To paraphrase the World Wide Web Consortium, Internet space is inhabited by many points of content. A URI (Uniform Resource Identifier; pronounced YEW-AHR-EYE) is the way you identify any of those points of content, whether it be a page of text, a video or sound clip, a still or animated image, or a program. The most common form of URI is the Web page address, which is a particular form or subset of URI called a Uniform Resource Locator (URL). A URI typically describes:

  • The mechanism used to access the resource;
  • The specific computer that the resource is housed in; and
  • The specific name of the resource (a file name) on the computer.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: