CERT Advisory 7/22/2003: Mozilla Root Compromise (Score -1, Offtopic)

CERT has issued an advisory related to a root hole in all versions of Mozilla through the 1.5 beta, exploiting an unchecked buffer in the DNS reply parser. Exploits have been released publicly and are currently being used to compromise machines and propagate further attacks. All users of the Mozilla web browser are encouraged to upgrade now. The Gaping Security Hole is pictured in Figure 1.

*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_g_o_a_t_s_e_x_*_
g_______________________________________________g_ _
o_/_____\_____________\____________/____\_______o_ _
a|_______|_____________\__________|______|______a_ _
t|_______`._____________|_________|_______:_____t_ _
s`________|_____________|________\|_______|_____s_ _
e_\_______|_/_______/__\\\___--___\\_______:____e_ _
x__\______\/____--~~__________~--__|_\_____|____x_ _
*___\______\_-~____________________~-_\____|____*_ _
g____\______\_________.--------.______\|___|____g_ _
o______\_____\______//_________(_(__>__\___|____o_ _
a_______\___.__C____)_________(_(____>__|__/____a_ _
t_______/\_|___C_____)/______\_(_____>__|_/_____t_ _
s______/_/\|___C_____)___ISA_|__(___>___/__\____s_ _
e_____|___(____C_____)\______/__//__/_/_____\___e_ _
x_____|____\__|_____\\_________//_(__/_______|__x_ _
*____|_\____\____)___`----___--'_____________|__*_ _
g____|__\______________\_______/____________/_|_g_ _
o___|______________/____|_____|__\____________|_o_ _
a___|_____________|____/_______\__\___________|_a_ _
t___|__________/_/____|_________|__\___________|t_ _
s___|_________/_/______\__/\___/____|__________|s_ _
e__|_________/_/________|____|_______|_________|e_ _
x__|__________|_________|____|_______|_________|x_ _
FIGURE 1

Why this wasn't found and patched earlier is a mystery to me.


GSA PUBLIC KEY
asl;dfhlaskhdflkhasdflkasdhkflhasldfhjaskhdkf jhasdfkhahsdfy90y08fy08aw3408g0nb0h0bh00bhf00f0abh 0a0hfh0gh0aifhsdhghkasdkkchxnvnlasdf0g8y00a8b908fd halnblldvbnxcv8b08df-0b8--a8dfganslenal34n,mfnbmnx lkbn0adfbn8a8m-d-bh-a-npsnk33nkknlaw34nlkkljlkajkb j-9cv-b90a9-c-9adf-9b9a-9-9n3nkaklnFUCK TACO FUCK TACO FUCK TACO al;skdjflkasjd0gyb08cbxh08bhlxkbhlk3halasjdhfjlhas ;dfh;jlasdfjhasgjhgjhgjhogjhjhkhjjhbnhkhjhnfjjhfjk jknjfkjgnfjkljnh jfjhfhjfjfhghjlkjjhjlasdhf;lllllhhhahhhfalsa230pa3 h8-hwpvjdfnadfbh08xc0yb80xaho;bj4fn aj3bjabj;b0xc8[0x8fbyaiobf3jlwbjlwsbjlfasdflab79xp c7aguj;xkcbvs0x8y0kjaasbkdbnkjbaxxvna0r-0s-0d--f TENTACLE RAPE jfda8sd0f0a8sdhf-8as-dg0a=[nxlkncvl;na08rgvh-a9psd g ahsld0aac-x9bxcbn CLAIM FAILED lkjasfdnogvobxcaaax-98xccccccanpigasasdgn;occ8-ax9 jdsagne4o3n------9napisdamdn;jlansld DEFAULT CATCH asl;idkn0s08a008sd8f0cchcxchhd0as0d-fa-j3nnl3knlax 0c-8jsalejnfas800dg-0afg-a8u93ha;kjhq;j123e;qmnseu dfh0agg089asd-9c-x xcuihlkhslbhmhblkhcx08c-0x-080bh3km,