Page 1 of 1

Another critical hole within the week - does NS protect?

Posted: Sat Jul 18, 2009 8:34 pm
by luntrus
Hi users of the NoScript extension and forum friends,

After a serious hole was being patched with Firefox 3.5.1, yet another serious hole has been found up within a week's time, that apparently still exists in 3.5.1. The "Unicode Data Remote Stack buffer overflow" was reported July 15th, see the POC here: http://downloads.securityfocus.com/vuln ... 35707.html
According to the Internet Storm Center Fx 3.5.1. is (still) also vulnerable. The exploit is a remote stack-based buffer-overflow vulnerability that can make the browser crash or enable remote code execution, so successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions. Is NoScript again protecting us against this one?

luntrus

Re: Another critical hole within the week - does NS protect?

Posted: Sat Jul 18, 2009 9:00 pm
by Giorgio Maone
Yes it does, as long as you don't whitelist the malicious code as trusted.

Re: Another critical hole within the week - does NS protect?

Posted: Sat Jul 18, 2009 9:20 pm
by luntrus
Hi Giorgio Maone,

I really did not expect another answer. This again demonstrates that NoScript is an extension that protects users against old and new exploits, and even against vulnerabilities that still have to be dreamt up and lay somewhere in the near and distant future. I as a user of this extension - and I think a lot of users here agree - consider NS as a revolutionairy security concept, even so that I fear to use any browsers that has not got this extension on board,

luntrus

Re: Another critical hole within the week - does NS protect?

Posted: Sun Jul 19, 2009 3:01 pm
by therube
2nd-hole-found-in-Firefox-35-unicode-Remote-buff-Overflow - Mozilla Firefox 3.5 Unicode Data Remote Stack Buffer Overflow Vulnerability

Oh, & for whatever reason, I'm not able to make the "code" from the link you posted act like "html".
When I save, then try to load it, it loads as if it were text?

Re: Another critical hole within the week - does NS protect?

Posted: Sun Jul 19, 2009 11:22 pm
by Alan Baxter
Mozilla has determined the problem isn't exploitable. The authorities have been notified so they can update their advisories to something less alarming.
http://blog.mozilla.com/security/2009/0 ... 2009-2479/

Re: Another critical hole within the week - does NS protect?

Posted: Sun Jul 19, 2009 11:35 pm
by therube
Perhaps not "exploitable", but if it results in a type of "DoS", or a crash, then in that respect ..."

So it's not an exploit. But the end result to end user while perhaps not as severe as an exploit is still unwanted. (Though I'm sure "exploits" like this are far more common then one might imagine.)

(I suppose Session Restore helps to mitigate things. But then that also kind of relies on having NoScript installed & blocking the site hosting the exploit at the time of the restore.)

Re: Another critical hole within the week - does NS protect?

Posted: Mon Jul 20, 2009 6:09 pm
by therube
Here is the Bug 504342 - Investigate milw0rm 9158 "unicode stack overflow".


(Though I'm sure "exploits" like this are far more common then one might imagine.)

Here's another (though fixed in current versions of Mozilla), Memory-hogging bug offers universal browser crash exploit. This exploit/dos/crasher/hole/... they say has existed 9 years now.