HTTP: Mozilla NNTP URL Handling Buffer Overflow

A vulnerability has been reported in the way the Mozilla browser handles NNTP URLs. Due to insufficient input validation, a specially crafted URI using the news:// scheme can overflow a heap buffer. By enticing a user to follow such a URI, an attacker can remotely exploit this vulnerability to inject and execute code with the privileges of the currently logged-in user. In a simple exploit attempt, a vulnerable Mozilla browser opens a connection to the server listening at the address and port given in the crafted news:// URI. When the vulnerable function is called to process the commands embedded in the URI, the application terminates with a memory access violation. In a more sophisticated attack, the process flow can be diverted, allowing arbitrary code execution. In that case, the behaviour of the target depends on the nature of the injected code.

Extended Description

A remote heap-overflow vulnerability affects the Mozilla browser's Network News Transfer Protocol (NNTP) functionality. The issue is due to the application's failure to properly validate the length of user-supplied strings before copying them into dynamically allocated process buffers. An attacker may exploit this issue to execute arbitrary code with the privileges of the user who started the vulnerable application. This may facilitate unauthorized access or privilege escalation.

Affected Products

Mozilla browser

References

BugTraq: 12131

CVE: CVE-2004-1316

Short Name: HTTP:STC:MOZILLA:NNTP-URL

Severity: Minor

Recommended: False

Recommended Action: Drop

Category: HTTP

Keywords: Buffer CVE-2004-1316 Handling Mozilla NNTP Overflow URL bid:12131

Release Date: 01/09/2012

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375

False Positive: Unknown

Vendors

Red_hat

Sgi

Hp

Mozilla

Suse

CVSS Score

5.0
