lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri Sep  9 16:25:13 2005
From: ipatches at hushmail.com (ipatches@...hmail.com)
Subject: Mozilla Firefox "Host:" Buffer Overflow

n e w s wrote:

>Heikki Toivonen wrote:
>
>>Tom Ferris wrote:
>>  
>>
>>>Vendor Status:
>>>Mozilla was notified, and im guessing they are working on a 
patch. Who 
>>>knows though?
>>>    
>>>
>>
>>That seems like a gross mischaracterization, at least by looking 
at the 
>>Bugzilla bug filed by you which I believe this corresponds to. 
The bug 
>>was reported two days ago (Sep 6), the first comment came less 
than an 
>>hour after that, and the first attempted fix was attached less 
than two 
>>hours after the bug was filed. Further comments explained how it 
was 
>>proving hard to find what and where was actually going wrong to 
put in 
>>the right fix. 10 replies total in less than two days. To me it 
seems 
>>obvious work is being done.
>>
>>  
>>
>>------------------------------------------------------------------
------
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>
>Hi, I was looking for the Firefox bug report mentioned, and
>after searching for quite some time was not able to find the
>thread on Bugzilla.  Not sure if I am doing something wrong,
>but if someone has a link to the url of Tom's post to
>Bugzilla, I'd be grateful if the link found its way onto
>this list.  TIA!
>
>
>n e w s
I could neither find it but it appears same to 
https://bugzilla.mozilla.org/show_bug.cgi?id=267669. Maybe he uses 
mangleme also? Also I want to know from where he copied Technical 
Details? Maybe it just crash 0xadc2adc2 only is kernel space.




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ