Q
queen_not_a_pawn
I am getting two messages on my firewall, with a number of hits. They say:
[Unauthorized Access Attempt] This looks for links with nonascii characters
embedded within them. These links could trigger a buffer overflow on some
versions of Mozilla. I use IE and MSN, all updated. there is Mozilla 4.0 in
the registry, but i don't use it as a browser. These "hts" started when I
when i was investigating a profile thru "the nickname"site:groups.msn.com,
which is pasted in the browser to search for a profile. when the name itself
was "clicked" on to search for profile, it came up with the profile, but when
copied to paper, the name appeared totally different. i cut and pasted the
new name into the profile, and now it apparently has taken me to a site that
back-hacked me. Event descriotions are: By creating a specially-crafted URL
request containing non-ascii characters, a remote attacker could overflow a
buffer and execute arbitrary code on the system, once the link is clicked. An
attacker could exploit this vulnerability by hosting the malicious URL on a
Web site..." and "Multiple heap-based buffer overflows in Mozilla Firefox
before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8
allow remote attackers to cause a denial of service (application crash) or
execute arbitrary code via (1) the "Send page" functionality, (2) certain
responses from a malicious POP3 server, or (3) a link containing a non-ASCII
hostname." (sorry this note is so long) These have continued since last nite.
my firewall alarms me but i cant tell if it is blocking them. what do i do
and how do i report this person?
[Unauthorized Access Attempt] This looks for links with nonascii characters
embedded within them. These links could trigger a buffer overflow on some
versions of Mozilla. I use IE and MSN, all updated. there is Mozilla 4.0 in
the registry, but i don't use it as a browser. These "hts" started when I
when i was investigating a profile thru "the nickname"site:groups.msn.com,
which is pasted in the browser to search for a profile. when the name itself
was "clicked" on to search for profile, it came up with the profile, but when
copied to paper, the name appeared totally different. i cut and pasted the
new name into the profile, and now it apparently has taken me to a site that
back-hacked me. Event descriotions are: By creating a specially-crafted URL
request containing non-ascii characters, a remote attacker could overflow a
buffer and execute arbitrary code on the system, once the link is clicked. An
attacker could exploit this vulnerability by hosting the malicious URL on a
Web site..." and "Multiple heap-based buffer overflows in Mozilla Firefox
before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8
allow remote attackers to cause a denial of service (application crash) or
execute arbitrary code via (1) the "Send page" functionality, (2) certain
responses from a malicious POP3 server, or (3) a link containing a non-ASCII
hostname." (sorry this note is so long) These have continued since last nite.
my firewall alarms me but i cant tell if it is blocking them. what do i do
and how do i report this person?