[40352] in bugtraq


RE: [Full-disclosure] FireFox Host: Buffer Overflow is not

daemon@ATHENA.MIT.EDU (Juha-Matti Laurio)
Fri Sep 16 18:43:20 2005

Message-ID: <13912634.1126823133065.JavaMail.juha-matti.laurio@netti.fi>
Date: Fri, 16 Sep 2005 01:25:33 +0300 (EEST)
From: Juha-Matti Laurio <juha-matti.laurio@netti.fi>
To: pkr@csis.dk
Cc: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; Charset=iso-8859-1; Format=Flowed
Content-Transfer-Encoding: 7bit

> Hi Juha!
> 
> > I have informed the vendor Netscape being affected on 9th 
> > September 2005.
> 
> I did the same on the 10th of September - still no reply nor official
> statement from Netscape which makes me a little worried.

Good to know. It seems that's their way to act.
They had a coverage Security Center wp.netscape.com/security/index.html 
earlier, but all these wp.netscape.com pages redirect to Netscape 
Browser 8.0 Main Page when writing this.

> > Disabling IDN support via about:config (or prefs.js file) is 
> > possible in Netscape Browser 8 too. Xpi file for Firefox and 
>
> Correct. I reported that workaround on the 10th of September.
> 
> I did so using both the security address at netscape.com and the "submission
> form" on Netscape's official webpage. I never got any reply/response from
> netscape. 

Yes, I have similar experiences. I have information that they are 
reading their bug report submissions, however.

> Netscape uses the same rendering engine as Firefox (unless explicitly told
> to use IE) and as such, will also be vulnerable. The workaround, covered by
> the Mozilla Team, will correct the problem simply by disabling IDN.
> 
> Regards
> Peter Kruse

Thanks for sharing the word.

- Juha-Matti

