Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing (backslash) character, which prevents a string from being NULL terminated.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mozilla | Mozilla | * | * |
Mozilla | Mozilla | 1.3 (including) | 1.3 (including) |
Mozilla | Mozilla | 1.4 (including) | 1.4 (including) |
Mozilla | Mozilla | 1.4-alpha (including) | 1.4-alpha (including) |
Mozilla | Mozilla | 1.4.1 (including) | 1.4.1 (including) |
Mozilla | Mozilla | 1.5 (including) | 1.5 (including) |
Mozilla | Mozilla | 1.5-alpha (including) | 1.5-alpha (including) |
Mozilla | Mozilla | 1.5-rc1 (including) | 1.5-rc1 (including) |
Mozilla | Mozilla | 1.5-rc2 (including) | 1.5-rc2 (including) |
Mozilla | Mozilla | 1.5.1 (including) | 1.5.1 (including) |
Mozilla | Mozilla | 1.6 (including) | 1.6 (including) |
Mozilla | Mozilla | 1.6-alpha (including) | 1.6-alpha (including) |
Mozilla | Mozilla | 1.6-beta (including) | 1.6-beta (including) |
Mozilla | Mozilla | 1.7 (including) | 1.7 (including) |
Mozilla | Mozilla | 1.7-alpha (including) | 1.7-alpha (including) |
Mozilla | Mozilla | 1.7-beta (including) | 1.7-beta (including) |
Mozilla | Mozilla | 1.7-rc1 (including) | 1.7-rc1 (including) |
Mozilla | Mozilla | 1.7-rc2 (including) | 1.7-rc2 (including) |
Mozilla | Mozilla | 1.7-rc3 (including) | 1.7-rc3 (including) |
Mozilla | Mozilla | 1.7.1 (including) | 1.7.1 (including) |
Mozilla | Mozilla | 1.7.2 (including) | 1.7.2 (including) |
Mozilla | Mozilla | 1.7.3 (including) | 1.7.3 (including) |
Red Hat Enterprise Linux 2.1 | RedHat | mozilla | * |
Red Hat Enterprise Linux 3 | RedHat | mozilla | * |
Mozilla | Ubuntu | edgy | * |