Signature Detail

HTTP: Mozilla NNTP URL Handling Buffer Overflow1

A vulnerability has been reported in the way the Mozilla browser handles NNTP URLs. Due to insufficient input validation, a specially crafted URI using the scheme news:// can overflow a heap buffer. By enticing a user to follow a specially crafted NNTP URI, an attacker can remotely exploit this vulnerability in a way that allows for code injection and execution with the privileges of the currently logged in user. In a simple exploit attempt, an instance of a vulnerable Mozilla browser will open a connection with the server listening at the address and the port provided in the specially crafted news:// URI. When the vulnerable function is called to process the commands embedded in the URI, the application will terminate with a memory access violation error. In a more sophisticated attack case, the process flow can be diverted allowing for arbitrary code execution. In such a case, the behaviour of the target is dependent on the nature of the injected code.