lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 9 Jun 2009 15:01:44 -0700
From: Michal Zalewski <lcamtuf@...edump.cx>
To: bugtraq <bugtraq@...urityfocus.com>,
	full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: catching up on several recently fixed bugs of note

Hi all,

I am way behind on this, so I wanted to drop a quick note regarding
some of my vulnerabilities recently addressed by browser vendors - and
provide some possibly interesting PoCs / fuzzers to go with them:

Summary  : MSIE same-origin bypass race condition (CVE-2007-3091)
Impact   : security bypass, possibly more
Reported : June 2007 (publicly)
PoC URL  : http://lcamtuf.coredump.cx/ierace/
Bulletin : http://www.microsoft.com/technet/security/bulletin/MS09-019.mspx
Notes    : additional credit to David Bloom for developing an improved
proof-of-concept exploit

Summary  : MSIE memory corruption on page transitions
Impact   : memory corruption, potential code execution
Reported : April 2008 (privately)
PoC URL  : http://lcamtuf.coredump.cx/stest/ (fuzzers)
Bulletin : http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx
Notes    : -

Summary  : multiple browsers <CANVAS> implementation crashes
(CVE-2008-2321, ???)
Impact   : memory corruption, potential code execution
Reported : February 2008 (privately)
PoC URL  : http://lcamtuf.coredump.cx/canvas/ (fuzzer)
Bulletin : http://lists.apple.com/archives/security-announce/2009/Jun/msg00002.html
Bulletin : http://www.opera.com/support/kb/view/882/
Notes    : also some DoS issues in Firefox

Summary  : Safari page transition tailgating (CVE-2009-1684)
Impact   : page spoofing, navigation target disclosure
Reported : February 2008 (privately)
PoC URL  : http://lcamtuf.coredump.cx/sftrap2/
Bulletin : http://lists.apple.com/archives/security-announce/2009/Jun/msg00002.html
Notes    : -

Cheers,
/mz

Powered by blists - more mailing lists