Hi all,
 
Research and development has led to a ~90% reliable working exploit for the IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is turned off and JavaScript is enabled. Some tweaking might yield an even higher success ratio. It has also revealed that not only FireFox is vulnerable to this vulnerability, but the exact same exploit works on the latest releases of all these products based on the Mozilla engine:
 
- Mozilla FireFox 1.0.6 and 1.5beta,
- Mozilla Browser 1.7.11,
- Netscape 8.0.3.3.
 
Recommendations for this vulnerability:
- FireFox and Mozilla: Install the workaround for (https://addons.mozilla.org/messages/307259.html).
- Netscape: hope they'll respond to this email and release a workaround.
- Wait for a patch and install it asap.
 
Recommendations to make it harder to exploit any FireFox vulnerability:
- Turn on DEP (Data Execution Prevention),
- Turn off JavaScript,
- Switch to another browser,
- Do not browse untrusted sites,
- Do not browse the web at all,
- Unplug your machine from the web,
- Wear a tinfoil hat.
 
Cheers,
SkyLined

 
On 9/10/05, Berend-Jan Wever <berendjanwever@gmail.com> wrote:
> (Just a little heads up, no details or PoC attached)
>
> The security vulnerability in Mozilla FireFox reported by Tom Ferris is exploitable on Windows.
> I developed a working exploit that seems to be 100% stable, though I've only tested it on one system.
> The exploit will not be released publicly until patches are out.
>
> On a side note: it took only about 3 hours and 30 minutes to develop the exploit, so I might not be the only one able to write it.
>
> Cheers,
> SkyLined

--
Berend-Jan Wever <berendjanwever@gmail.com>
http://www.edup.tudelft.nl/~bjwever