FreeBSD : firefox & mozilla -- buffer overflow vulnerability (8665ebb9-2237-11da-978e-0001020eed82)
High Nessus Plugin ID 21463
The remote FreeBSD host is missing one or more security-related updates.
Tom Ferris reports : A buffer overflow vulnerability exists within Firefox version 1.0.6 and all other prior versions which allows for an attacker to remotely execute arbitrary code on an affected host. The problem seems to be when a hostname which has all dashes causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true, but is sets encHost to an empty string. Meaning, Firefox appends 0 to approxLen and then appends the long string of dashes to the buffer instead. Note: It is possible to disable IDN support as a workaround to protect against this buffer overflow. How to do this is described on the What Firefox and Mozilla users should know about the IDN buffer overflow security issue web page.