This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Tom Ferris reports :
A buffer overflow vulnerability exists within Firefox version 1.0.6
and all other prior versions which allows for an attacker to remotely
execute arbitrary code on an affected host.
The problem seems to be when a hostname which has all dashes causes
the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return
true, but it sets encHost to an empty string. Meaning, Firefox appends
0 to approxLen and then appends the long string of dashes to the
Note: It is possible to disable IDN support as a workaround to protect
against this buffer overflow. How to do this is described on the "What
Firefox and Mozilla users should know about the IDN buffer overflow
security issue" web page.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true