Description
===========
CAN-2005-2871:
Buffer overflow in Mozilla Firefox and Mozilla Suite and earlier
allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a hostname with all dashes, which
is not properly handled by the NormalizeIDN call in
nsStandardURL::BuildNormalizedSpec.
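
A detection-side illustration of the condition described above, added here as an example (it is not part of the original advisory or of Mozilla's code): it scans log text for URLs whose hostname consists only of dashes. The log layout, the sample lines and the names `is_all_dash_host` and `flag_lines` are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy-log lines (assumed layout, not from the advisory).
SAMPLE_LOG = """\
2005-09-10T12:00:01 10.0.0.5 GET http://www.example.org/index.html
2005-09-10T12:00:07 10.0.0.8 GET http://----------/
2005-09-10T12:00:09 10.0.0.8 GET https://my-site.example.net/a-b-c
2005-09-10T12:00:12 10.0.0.9 GET http://user@-----:8080/path
2005-09-10T12:00:15 10.0.0.9 GET http://xn--bcher-kva.example/
"""

# Anything that looks like scheme://rest-of-url up to the next whitespace.
URL_RE = re.compile(r"[a-z][a-z0-9+.\-]*://\S+", re.IGNORECASE)


def is_all_dash_host(url):
    """Return True when the URL's host part is non-empty and only '-'."""
    try:
        host = urlsplit(url).hostname  # strips userinfo and port
    except ValueError:
        return False  # unparsable netloc: not the pattern looked for here
    return bool(host) and set(host) == {"-"}


def flag_lines(log_text):
    """Return (line_number, url) for every URL with an all-dash hostname."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for url in URL_RE.findall(line):
            if is_all_dash_host(url):
                hits.append((lineno, url))
    return hits


if __name__ == "__main__":
    for lineno, url in flag_lines(SAMPLE_LOG):
        print(f"line {lineno}: all-dash hostname in {url}")
```

Hostnames that merely contain dashes, including punycode labels beginning with `xn--`, are not flagged.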

Affected packages
=================
firefox and mozilla in all grimoires are affected. mozilla was updated
to 1.7.12 and firefox to 1.0.7 in all grimoires.

All firefox users should upgrade to the latest available version:

    # scribe update
    # cast -c firefox

All mozilla users should upgrade to the latest available version:

    # scribe update
    # cast -c mozilla

References
==========
[ 1 ] CAN-2005-2871
http://nvd.nist.gov/nvd.cfm?cvename=CAN-2005-2871
[ 2 ] What Firefox and Mozilla users should know about the IDN
buffer overflow security issue
https://addons.mozilla.org/messages/307259.html
--
Thomas Houssin
Security Team Leader Source Mage GNU/Linux (http://www.sourcemage.org)
Key fingerprint = 3CB8 3FC4 840D B272 E623 BCB8 54DB F4E3 4240 4C36
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x42404C36
_______________________________________________
SM-Security mailing list
SM-Security@xxxxxxxxxxxxxxxxx
http://lists.ibiblio.org/mailman/listinfo/sm-security