Re: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file

From: Andrew Redman <aredman_at_nospam>
Date: Tue May 01 2007 - 21:29:26 GMT
To: full-disclosure@lists.grok.org.uk

Nothing exciting to report on OS X 10.4 / fully patched / PPC. Kind of broke the properties dialog for the link, and used some cpu, but definitely caused no crashing.

On WinXP Norton real time protection detected the file in cache as a 'hack tool.' I disabled that, but Firefox refused to return to the page afterward.

Andrew

carl hardwick wrote:
> Product: Firefox 2.0.0.3
> Description: Out-of-bounds memory access via specialy crafted html file
> Type: Remote
>
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
>
> Proof Of Concept exploit:
> http://www.critical.lt/research/opera_die_happy.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: zdi-disclosures_at_nospam: "[Full-disclosure] ZDI-07-023: Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability"
Previous message: Stan Bubrouski: "Re: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file"
In reply to: carl hardwick: "[Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]