Another critical hole within the week - does NS protect?

General discussion about the NoScript extension for Firefox
Post Reply
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Another critical hole within the week - does NS protect?

Post by luntrus » Sat Jul 18, 2009 8:34 pm

Hi users of the NoScript extension and forum friends,

After a serious hole was being patched with Firefox 3.5.1, yet another serious hole has been found up within a week's time, that apparently still exists in 3.5.1. The "Unicode Data Remote Stack buffer overflow" was reported July 15th, see the POC here: http://downloads.securityfocus.com/vuln ... 35707.html
According to the Internet Storm Center Fx 3.5.1. is (still) also vulnerable. The exploit is a remote stack-based buffer-overflow vulnerability that can make the browser crash or enable remote code execution, so successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions. Is NoScript again protecting us against this one?

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Iron/3.0.189.0 Safari/531.0

User avatar
Giorgio Maone
Site Admin
Posts: 8790
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Another critical hole within the week - does NS protect?

Post by Giorgio Maone » Sat Jul 18, 2009 9:00 pm

Yes it does, as long as you don't whitelist the malicious code as trusted.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729)

luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: Another critical hole within the week - does NS protect?

Post by luntrus » Sat Jul 18, 2009 9:20 pm

Hi Giorgio Maone,

I really did not expect another answer. This again demonstrates that NoScript is an extension that protects users against old and new exploits, and even against vulnerabilities that still have to be dreamt up and lay somewhere in the near and distant future. I as a user of this extension - and I think a lot of users here agree - consider NS as a revolutionairy security concept, even so that I fear to use any browsers that has not got this extension on board,

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Iron/3.0.189.0 Safari/531.0

User avatar
therube
Ambassador
Posts: 7528
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Another critical hole within the week - does NS protect?

Post by therube » Sun Jul 19, 2009 3:01 pm

2nd-hole-found-in-Firefox-35-unicode-Remote-buff-Overflow - Mozilla Firefox 3.5 Unicode Data Remote Stack Buffer Overflow Vulnerability

Oh, & for whatever reason, I'm not able to make the "code" from the link you posted act like "html".
When I save, then try to load it, it loads as if it were text?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090716 SeaMonkey/2.0b1pre

Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Another critical hole within the week - does NS protect?

Post by Alan Baxter » Sun Jul 19, 2009 11:22 pm

Mozilla has determined the problem isn't exploitable. The authorities have been notified so they can update their advisories to something less alarming.
http://blog.mozilla.com/security/2009/0 ... 2009-2479/
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1

User avatar
therube
Ambassador
Posts: 7528
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Another critical hole within the week - does NS protect?

Post by therube » Sun Jul 19, 2009 11:35 pm

Perhaps not "exploitable", but if it results in a type of "DoS", or a crash, then in that respect ..."

So it's not an exploit. But the end result to end user while perhaps not as severe as an exploit is still unwanted. (Though I'm sure "exploits" like this are far more common then one might imagine.)

(I suppose Session Restore helps to mitigate things. But then that also kind of relies on having NoScript installed & blocking the site hosting the exploit at the time of the restore.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090716 SeaMonkey/2.0b1pre

User avatar
therube
Ambassador
Posts: 7528
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Another critical hole within the week - does NS protect?

Post by therube » Mon Jul 20, 2009 6:09 pm

Here is the Bug 504342 - Investigate milw0rm 9158 "unicode stack overflow".


(Though I'm sure "exploits" like this are far more common then one might imagine.)

Here's another (though fixed in current versions of Mozilla), Memory-hogging bug offers universal browser crash exploit. This exploit/dos/crasher/hole/... they say has existed 9 years now.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.22) Gecko/20090605 SeaMonkey/1.1.17

Post Reply