The vulnerability is caused due to an error in the handling of an URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow.
Successful exploitation crashes Firefox and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or open a specially crafted HTML file.
The vulnerability has been confirmed in version 1.0.6, and is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1.
SOFTWARE:
Mozilla Firefox 1.x
SOLUTION:
Don't browse untrusted web sites.
PROVIDED AND/OR DISCOVERED BY:
Tom Ferris
ORIGINAL ADVISORY:
http://security-protocols.com/advisory/sp-x17-advisory.txt
VERIFY ADVISORY:
http://secunia.com/advisories/16764/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050910160508353