Bug#327366: epiphany-browser: Susceptible to mozilla-firefox "Host:" buffer overflow?
Sam Morris
sam at robots.org.uk
Fri Sep 9 15:50:30 UTC 2005
Package: epiphany-browser
Version: 1.6.5-1
Severity: grave
Tags: security
Justification: user security hole
From <http://lwn.net/Articles/150999/>:
A buffer overflow vulnerability exists within Firefox version 1.0.6 and
all other prior versions which allows for an attacker to remotely execute
arbitrary code on an affected host.
The problem seems to be when a hostname which has all dashes causes the
NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true,
but it sets encHost to an empty string.
On my system, attempting to load the example URL causes Epiphany to freeze:
<http://www.security-protocols.com/firefox-death.html>
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages epiphany-browser depends on:
ii dbus-1 0.23.4-1 simple interprocess messaging syst
ii dbus-glib-1 0.23.4-1 simple interprocess messaging syst
ii debconf 1.4.30.13 Debian configuration management sy
ii gconf2 2.10.1-1 GNOME configuration database syste
ii gnome-icon-theme 2.10.1-2 GNOME Desktop icon theme
ii iso-codes 0.44-1 ISO language, territory, currency
ii libart-2.0-2 2.3.17-1 Library of functions for 2D graphi
ii libatk1.0-0 1.10.1-2 The ATK accessibility toolkit
ii libbonobo2-0 2.8.1-2 Bonobo CORBA interfaces library
ii libbonoboui2-0 2.10.0-1 The Bonobo UI library
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libgcc1 1:4.0.1-6 GCC support library
ii libgconf2-4 2.10.1-1 GNOME configuration database syste
ii libglade2-0 1:2.5.1-2 library to load .glade files at ru
ii libglib2.0-0 2.8.0-1 The GLib library of C routines
ii libgnome-desktop-2 2.10.2-1 Utility library for loading .deskt
ii libgnome2-0 2.10.1-1 The GNOME 2 library - runtime file
ii libgnomecanvas2-0 2.10.2-2 A powerful object-oriented display
ii libgnomeui-0 2.10.1-1 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 2.10.1-5 The GNOME virtual file-system libr
ii libgtk2.0-0 2.6.10-1 The GTK+ graphical user interface
ii libice6 4.3.0.dfsg.1-14 Inter-Client Exchange library
ii liborbit2 1:2.12.2-1 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.8.2-1 Layout and rendering of internatio
ii libpopt0 1.7-5 lib for parsing cmdline parameters
ii libsm6 4.3.0.dfsg.1-14 X Window System Session Management
ii libstartup-notificatio 0.8-1 library for program launch feedbac
ii libstdc++5 1:3.3.5-13 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-14 X Window System protocol client li
ii libxml2 2.6.20-1 GNOME XML library
ii libxslt1.1 1.1.14-1 XSLT processing library - runtime
ii mozilla-browser 2:1.7.8-1sarge1 The Mozilla Internet application s
ii mozilla-psm 2:1.7.8-1sarge1 The Mozilla Internet application s
ii xlibs 4.3.0.dfsg.1-14 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime
-- no debconf information
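
An added example, not part of the original report and not Epiphany or Mozilla code: a small Python scanner that flags links in saved HTML whose hostname consists only of dashes, the input shape the quoted advisory describes. The function names, the sample page, and the extension to dotted all-dash labels and to slash-less `http:host` URLs are assumptions made here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}  # attributes that carry a URL

def host_of(url):
    """Return the host an http(s) URL resolves to, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https"):
        return None
    if parts.netloc:
        return parts.hostname
    # Assumption: treat "http:host/path" (no slashes) as naming a host too,
    # since lenient browser URL parsers accept that form.
    return parts.path.lstrip("/").split("/", 1)[0] or None

def is_all_dash_host(host):
    """True when every label of the host consists solely of '-'."""
    labels = [label for label in (host or "").split(".") if label]
    return bool(labels) and all(set(label) == {"-"} for label in labels)

class LinkScanner(HTMLParser):
    """Collects (line, tag, url) for every URL attribute with an all-dash host."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and is_all_dash_host(host_of(value)):
                self.hits.append((self.getpos()[0], tag, value))

def scan_html(text):
    """Return all suspicious links found in an HTML document."""
    scanner = LinkScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.hits

# Constructed sample page; none of these URLs come from the report.
SAMPLE = """<html><body>
<a href="http://www.example.org/a-b--c">ordinary link</a>
<a href="http://-----/">all-dash host</a>
<img src="https:------">
<a href="http://my-site.example/---">dashes in path only</a>
</body></html>"""
```

Run `scan_html()` over cached pages or mail bodies to find content that would exercise the affected code path in an unpatched Gecko-based browser.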