Signature Detail
Short Name |
HTTP:STC:MOZILLA:HOST-MAL-IDN |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Mozilla Firefox Host IDN Illegal Character |
Release Date |
2005/09/13 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Mozilla Firefox Host IDN Illegal Character
This signature detects attempts to exploit a known vulnerability in the Mozilla browser family. An attacker can configure a host with a malicious Web page that, when visited, can crash the browser viewing the page or can execute arbitrary code.
Extended Description
Mozilla/Netscape/Firefox are reported prone to a remote buffer-overflow vulnerability when handling a malformed URI. A successful attack may result in a crash of the application or the execution of arbitrary code. Firefox 1.0.6 and 1.5 Beta 1 are vulnerable to this issue. Mozilla 1.7.11 and Netscape 8.0.3.3 and 7.2 are affected as well.
Affected Products
- Conectiva Linux 10.0.0
- Debian Linux 3.1.0
- Debian Linux 3.1.0 Alpha
- Debian Linux 3.1.0 Amd64
- Debian Linux 3.1.0 Arm
- Debian Linux 3.1.0 Hppa
- Debian Linux 3.1.0 Ia-32
- Debian Linux 3.1.0 Ia-64
- Debian Linux 3.1.0 M68k
- Debian Linux 3.1.0 Mips
- Debian Linux 3.1.0 Mipsel
- Debian Linux 3.1.0 Ppc
- Debian Linux 3.1.0 S/390
- Debian Linux 3.1.0 Sparc
- Gentoo Linux
- HP HP-UX B.11.00
- HP HP-UX B.11.11
- HP HP-UX B.11.22
- HP HP-UX B.11.23
- Mandriva Linux Mandrake 10.2.0
- Mandriva Linux Mandrake 10.2.0 X86 64
- Mandriva Linux Mandrake 2006.0.0
- Mandriva Linux Mandrake 2006.0.0 X86 64
- Mozilla Browser 1.7.0
- Mozilla Browser 1.7.0 Alpha
- Mozilla Browser 1.7.0 Beta
- Mozilla Browser 1.7.0 Rc1
- Mozilla Browser 1.7.0 Rc2
- Mozilla Browser 1.7.0 Rc3
- Mozilla Browser 1.7.1
- Mozilla Browser 1.7.10
- Mozilla Browser 1.7.11
- Mozilla Browser 1.7.2
- Mozilla Browser 1.7.3
- Mozilla Browser 1.7.4
- Mozilla Browser 1.7.5
- Mozilla Browser 1.7.6
- Mozilla Browser 1.7.7
- Mozilla Browser 1.7.8
- Mozilla Browser 1.7.9
- Mozilla Firefox 1.0.6
- Mozilla Firefox 1.5.0 Beta 1
- Mozilla Thunderbird 1.0.6
- Netscape Browser 8.0.3 .3
- Netscape 7.2.0
- Netscape 8.0.3 .3
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
- Red Hat Desktop 3.0.0
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 2.1 IA64
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 2.1 IA64
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 2.1 IA64
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora Core1
- Red Hat Fedora Core2
- Red Hat Fedora Core3
- Red Hat Fedora Core4
- Red Hat Linux 7.3.0
- Red Hat Linux 7.3.0 I386
- Red Hat Linux 7.3.0 I686
- Red Hat Linux 9.0.0 I386
- SGI ProPack 3.0.0 SP6
- Slackware Linux 10.0.0
- Slackware Linux 10.1.0
- Slackware Linux 10.2.0
- Slackware Linux -Current
- Turbolinux Home
- Turbolinux Multimedia
- Turbolinux 10 F...
- Turbolinux Turbolinux Desktop 10.0.0
- Turbolinux Turbolinux Server 10.0.0
- Ubuntu Ubuntu Linux 4.1.0 Ia32
- Ubuntu Ubuntu Linux 4.1.0 Ia64
- Ubuntu Ubuntu Linux 4.1.0 Ppc
- Ubuntu Ubuntu Linux 5.0.0 4 Amd64
- Ubuntu Ubuntu Linux 5.0.0 4 I386
- Ubuntu Ubuntu Linux 5.0.0 4 Powerpc
References
- BugTraq: 14784
- CVE: CVE-2005-2871
- URL: http://www.security-protocols.com/advisory/sp-x17-advisory.txt