Mozilla Buffer Overflow in Processing NNTP URLs Lets Remote Users Execute Arbitrary Code
Description: A heap overflow vulnerability was reported in Mozilla in the processing of NNTP URLs. A remote user can execute arbitrary code on the target system.
Maurycy Prodeus of iSEC Security Research reported that a remote user can create a specially crafted 'news://' URL that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
The flaw resides in the *MSG_UnEscapeSearchUrl() function in 'nsNNTPProtocol.cpp'.
The original advisory is available at: http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
Impact: A remote user can create a URL that, when loaded by the target user, will execute arbitrary code on the target user's system with the privileges of the target user.
Solution: The vendor has issued a fixed version (1.7.5), available at: http://www.mozilla.org/products/mozilla1.x/