New Security Flaw Hits Firefox

by CXOtoday Staff    Sep 13, 2005

A new unpatched security flaw has been reported in the Firefox browser. The development comes in the wake of the newly released beta of version 1.5, which is supposed to meet several security issues.

Security researcher Tom Ferris has discovered a vulnerability in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a user’s system, reports security firm Secunia.

The vulnerability is caused due to an error in the handling of an IDN URLs that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow, claims the Secunia advisory.

Successful exploitation crashes Firefox and may allow code execution but requires that the user is tricked into visiting a malicious web site or open a specially crafted HTML file.

The vulnerability has been confirmed in version 1.0.6, and is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1. According to Secunia, the vendor recommends setting the preference “network.enableIDN” to false. This can be done in the “prefs.js” file or using “about:config”.

Tags: Firefox