Saturday, September 10, 2005

Firefox Web Links Bugs

Recently, Tom Ferris discovered a major bug in Firefox's handling of web links that may allow a malicious web site to execute malicious code on Firefox users' computers. In short, it is called the "Host:" buffer overflow (a proof-of-concept is included).

It works like this... Imagine you visit a bad, evil website somewhere on the internet, and the website has a link with an extremely long address in it, like this: "https:-------------------------------------------------------------... ".

When you click on it, the extremely long address overwhelms the NormalizeIDN buffer and spills the rest of the address (which could include malicious code) into other parts of Firefox.

Remember, this is not the first bug to arise from IDN. Another IDN bug was IDN spoofing (showing a fake address in the address bar), but that bug was fixed in version 1.0.1.

If you don't want to wait for the patch (or for Firefox 1.5 with the patch), there is a very, very simple fix with 2 steps:

1) Go to about:config
2) Double-click "network.enableIDN" to change it from TRUE to FALSE.
3) You are done!

I tested the fix myself using the proof-of-concept. The fix worked.

UPDATE: Mozilla posted formal suggestions of fixes for this IDN bug (including a downloadable temporary patch).

Saturday, September 03, 2005

MouseHole

I found a very interesting program that acts as a proxy... Greasemonkey style. It's named MouseHole. It works with all web browsers because all HTML traffic goes through the MouseHole proxy, which modifies the HTML data using scripts. That way, you don't have to install an extension for every internet browser on your computer, or even better... you can modify all HTML data from the internet for your entire home or business network by running MouseHole on a proxy server (somehow...). The author of MouseHole, WhyTheLuckyStiff, hangs out over at the RedHanded blog. MouseHole 1.1 just recently came out.

However, MouseHole uses a different language for its scripts. It uses Ruby, an "interpreted scripting language for quick and easy object-oriented programming". This means that all current Greasemonkey scripts have to be converted in order to work in MouseHole. For example, my current Mailto Envelope Greasemonkey script has been converted to a MouseHole script (thanks to Christopher T. Osborn). You can see big differences, but it can be learned.
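To show what a MouseHole-style rewrite looks like in Ruby, here is an added example (not MouseHole's own code, whose script API is not shown in this post): the content-rewriting core such a proxy would run on each response. The mailto transform is a constructed stand-in for the Mailto Envelope idea, and the HTTP plumbing (accepting connections, forwarding to the origin) is left out so only the rewriting logic and the header checks it needs are shown.

```ruby
# Added example, not MouseHole's code: the rewriting core of a MouseHole-style
# proxy. The transform is a constructed stand-in for the "Mailto Envelope"
# script: every mailto: link gets an envelope marker appended.

MAILTO_RE = /<a\b[^>]*\bhref\s*=\s*["']mailto:[^"']*["'][^>]*>.*?<\/a>/im

# Append an envelope marker after each mailto link; other markup is untouched.
def rewrite_mailto(html)
  html.gsub(MAILTO_RE) { |anchor| "#{anchor} \u2709" }
end

# Case-insensitive header lookup (HTTP header names are case-insensitive).
def header(headers, name)
  headers.each { |k, v| return v.to_s if k.to_s.casecmp?(name) }
  ''
end

# A body may only be rewritten when it is HTML and not compressed: editing
# gzip/deflate bytes, or a non-HTML body, as text corrupts the response.
def rewritable?(headers)
  ctype = header(headers, 'Content-Type').downcase
  cenc  = header(headers, 'Content-Encoding').downcase
  ctype.start_with?('text/html') && (cenc.empty? || cenc == 'identity')
end

# Rewrite one proxied response. Content-Length must be recomputed to match
# the new body, otherwise the browser truncates the page or waits forever.
def rewrite_response(headers, body)
  return [headers, body] unless rewritable?(headers)
  new_body = rewrite_mailto(body)
  new_headers = headers.reject { |k, _| k.to_s.casecmp?('Content-Length') }
  new_headers['Content-Length'] = new_body.bytesize.to_s
  [new_headers, new_body]
end

# Constructed sample response, as the proxy would receive it from the origin.
SAMPLE_HEADERS = { 'Content-Type' => 'text/html; charset=utf-8', 'Content-Length' => '1' }
SAMPLE_HTML = <<~HTML
  <p>Contact <a href="mailto:alice@example.com">Alice</a> or
  <A HREF='mailto:bob@example.com'>Bob</A>, or <a href="https://example.com/">visit</a>.</p>
HTML

if __FILE__ == $0
  headers, body = rewrite_response(SAMPLE_HEADERS, SAMPLE_HTML)
  puts headers.inspect, body
end
```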