| | site-map | e-mail

User:

Guest

Name: Password:

www.center.hu / Archive / Security news / january, 2005 / Mozilla version 1.7.5 corrects flaw in NNTP 

Mozilla version 1.7.5 corrects flaw in NNTP

Mozilla version 1.7.5 corrects flaw in NNTP

Madrid, January 4 2005 - According to SecuriTeam, a security problem has been detected in version 1.7.3 and earlier of Mozilla that could allow an attacker to cause a denial of service attack or execute arbitrary code. The vulnerability has been corrected in version 1.7.5 of Mozilla (*), and users of affected systems are advised to install it.

This security problem has been detected in the module that supports Network News Transport Protocol (NNTP), the protocol used to administer messages in newsgroups. Due to this, an attacker could cause an overflow, creating an overlong ˝news://˝-type link.

If a user with a vulnerable version of Mozilla installed on their computer were to select the attacker´s link, it could cause a denial of service in the browser, or, worse still, allow arbitrary code to be run on the system.

(*) Version 1.7.5 of Mozilla is available at: http://www.mozilla.org/products/mozilla1.x/  

Oxygen3 24h-365d
by Panda Software

2005-01-05 10:17

Back