Mozilla/Netscape/Firefox Browser Domain Name Remote Overflow Vulnerability

Published: 2005-09-13
Updated: 2005-10-20

Affected systems:
Mozilla Browser 1.7.11
Netscape Netscape 8.0.3.3
Netscape Netscape 7.2
Mozilla Firefox 1.5 Beta1
Mozilla Firefox 1.0.6
Unaffected systems:
Mozilla Browser 1.7.12
Mozilla Firefox 1.0.7
Description:
BUGTRAQ ID: 14784
CVE(CAN) ID: CVE-2005-2871

Mozilla/Netscape/Firefox are all very popular web browsers.

Mozilla/Netscape/Firefox have a remote overflow vulnerability when handling malformed URIs. An attacker who successfully exploits it can crash the browser or execute arbitrary code.

A hostname consisting entirely of hyphens causes the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec to return true while setting encHost to the empty string. As a result, Firefox assigns 0 to approxLen and then appends the overlong hyphen string to the buffer, so the buffer is sized for an empty host but receives the full un-normalized one.
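To make the length mismatch concrete, here is an added C model of the flawed accounting described above beside a hardened variant. It is not Mozilla's code: normalize_idn, plan_spec and would_overflow are hypothetical names that only mirror the behaviour the advisory reports for NormalizeIDN and approxLen, and the buffer write is modelled as a size comparison rather than performed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the defect (not Mozilla's code). normalize_idn()
 * mirrors the reported NormalizeIDN behaviour: for an all-hyphen host it
 * reports success but leaves the encoded host empty. */
static bool normalize_idn(const char *host, char *enc, size_t encsz) {
    size_t n = strlen(host);
    if (n > 0 && strspn(host, "-") == n) { /* all hyphens: "success", "" */
        enc[0] = '\0';
        return true;
    }
    if (n >= encsz)                        /* does not fit: genuine failure */
        return false;
    memcpy(enc, host, n + 1);
    return true;
}

/* How many bytes "http://<host>/" is sized for (approxLen) versus how many
 * would actually be appended. proceeds == false means the build is refused. */
typedef struct { bool proceeds; size_t reserved; size_t appended; } spec_plan;

spec_plan plan_spec(const char *host, bool hardened) {
    spec_plan p = { false, 0, 0 };
    char enc[256];
    if (!normalize_idn(host, enc, sizeof enc))
        return p;
    if (hardened && enc[0] == '\0')        /* fix 1: empty encHost is an error */
        return p;
    p.proceeds = true;
    p.reserved = strlen("http://") + strlen(enc) + strlen("/");
    /* Flawed path appends the original host after sizing for the encoded
     * one; fix 2: append exactly the string the size was computed from. */
    const char *appended_host = hardened ? enc : host;
    p.appended = strlen("http://") + strlen(appended_host) + strlen("/");
    return p;
}

/* True when the unchecked original would write past its allocation. */
bool would_overflow(spec_plan p) { return p.proceeds && p.appended > p.reserved; }

int main(void) {
    const char *hosts[] = { "example.com", "-----" };   /* constructed inputs */
    for (int i = 0; i < 2; i++) {
        spec_plan v = plan_spec(hosts[i], false), f = plan_spec(hosts[i], true);
        printf("%-12s flawed: reserved %zu appended %zu overflow=%d | hardened: %s\n",
               hosts[i], v.reserved, v.appended, would_overflow(v),
               f.proceeds ? "ok" : "refused");
    }
    return 0;
}
```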

<*Source: Tom Ferris (tommy@security-protocols.com)
  
  Links: http://marc.theaimsgroup.com/?l=full-disclosure&m=112624614008387&w=2
         http://lwn.net/Alerts/151224/?format=printable
         http://lwn.net/Alerts/151223/?format=printable
         http://security.gentoo.org/glsa/glsa-200509-11.xml
         http://www.debian.org/security/2005/dsa-868
*>

Recommendations:
Vendor patches:

Debian
------
Debian has released security advisory DSA-868-1 and the corresponding patches:
DSA-868-1: New Mozilla Thunderbird packages fix several vulnerabilities
Link: http://www.debian.org/security/2005/dsa-868

Patch downloads (source archives and per-architecture .deb packages, each with its size and MD5 checksum, are listed in the Debian advisory linked above):

Patch installation:

1. Install the patch packages manually:

  First, download the patch with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb  (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, refresh the local package database:
   # apt-get update

   Then install the updated packages:
   # apt-get upgrade

Mozilla
-------
The vendor has released upgrade patches that fix this security issue; please download them from the vendor's homepage:

* Mozilla Patch 307259.xpi
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.6/patches/307259.xpi

* Mozilla Upgrade Firefox 1.0.7
http://www.mozilla.org/products/firefox/

* Mozilla Upgrade Mozilla 1.7.12
http://www.mozilla.org/products/mozilla1.x/

Gentoo
------
Gentoo has released security advisory GLSA-200509-11 and the corresponding patches:
GLSA-200509-11: Mozilla Suite, Mozilla Firefox: Buffer overflow
Link: http://security.gentoo.org/glsa/glsa-200509-11.xml

All Mozilla Firefox users should run:

emerge --sync

emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.6-r7"

All Mozilla Suite users should run:

emerge --sync

emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.11-r3"

This advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.