Check Point Advisories

Mozilla Browser Non-ASCII Hostname Heap Overflow - Ver2 (CVE-2004-0902)

Check Point Reference: CPAI-2004-183
Date Published: 18 May 2015
Severity: Critical
Last Updated: Monday 18 May, 2015
Source:
Industry Reference: CVE-2004-0902
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description

Mozilla and Firefox are popular open-source web browsers produced by the Mozilla Foundation. Thunderbird is an e-mail client produced by the Mozilla Foundation. Netscape is a web browser produced by Netscape Communication Corp. These products are all based on the Gecko browser engine.

A vulnerability exists in the way several versions of the Mozilla browser parse URL strings containing characters that are not allowed. If a component of a URL contains such characters, a memory allocation error occurs, resulting in a buffer overflow. A remote attacker could leverage this vulnerability to execute arbitrary code on the target system.

In the case of a simple attack, the application may crash, creating a denial of service condition. In the case of a more sophisticated attack involving successful code injection, the attacker could gain control of the current process. The behavior of the attack target in this case depends on the exploit code injected by the attacker.
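A defender-side check for the condition described above, as an added example that is not Check Point's or Mozilla's code and not the IPS signature: it flags URLs in log lines whose hostname contains non-ASCII bytes (raw or percent-encoded) or other characters outside the hostname alphabet. The allowed set (letters, digits, hyphen, dot), the log layout and all function names are assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# scheme://authority, where the authority ends at the first '/', '?' or '#'
_AUTHORITY = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://([^/?#\s]*)")
# Assumption: "allowed" means letters, digits, hyphen and dot (the LDH rule)
_ALLOWED = frozenset(
    b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-.")

def raw_host(url):
    """Return the percent-decoded host bytes of a URL, or None if absent."""
    m = _AUTHORITY.match(url)
    if m is None:
        return None
    host = m.group(1).rsplit("@", 1)[-1]   # drop any userinfo
    if host.startswith("["):               # IPv6 literal: not a hostname
        return None
    host = host.split(":", 1)[0]           # drop any port
    return unquote_to_bytes(host.encode("utf-8", "replace"))

def classify_host(url):
    """Return the set of findings for the hostname in one URL."""
    host = raw_host(url) or b""
    findings = set()
    if any(b >= 0x80 for b in host):
        findings.add("non-ascii")
    if any(b < 0x80 and b not in _ALLOWED for b in host):
        findings.add("disallowed-ascii")
    return findings

def flag_urls(lines):
    """Scan whitespace-separated log fields and return (url, findings) hits."""
    fields = (f for line in lines for f in line.split())
    return [(f, sorted(classify_host(f))) for f in fields if classify_host(f)]

# Constructed sample proxy log lines (not taken from the advisory)
SAMPLE = [
    "10.0.0.5 GET http://www.example.com/index.html 200",
    "10.0.0.7 GET http://ex\u00e4mple.test/a 200",
    "10.0.0.7 GET http://host%E4name.test:8080/ 200",
    "10.0.0.9 GET http://bad_host!.test/ 404",
    "10.0.0.9 GET http://user@plain.test:80/x 200",
]

if __name__ == "__main__":
    for url, findings in flag_urls(SAMPLE):
        print(url, findings)
```

Percent-decoding the host before checking matters because a non-ASCII byte can arrive as `%E4` as well as in raw form.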

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections, find the Mozilla Browser Non-ASCII Hostname Heap Overflow - Ver2 protection using the Search tool, and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Client Enforcement Violation.
Attack Information:  Mozilla Browser Non-ASCII Hostname Heap Overflow - Ver2
