lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat Sep 17 14:59:17 2005
From: gautam.bipin at gmail.com (Bipin Gautam)
Subject: FireFox Host: Buffer Overflow is not just
	exploitable on FireFox

On 9/14/05, Juha-Matti Laurio <juha-matti.laurio@...ti.fi> wrote:
> >Hi all,
> >Research and development has let to a ~90% reliable working exploit for the
> >IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is

What? The exploit only works on winxp sp2 if DEP is turned off.....
(or is it JUST  there is another way in?) Your explanation is
confusing!

DEP That's turned ON by default... & most of us choose to turn it on
for all service & softwares.

-- 

Bipin Gautam
http://bipin.tk

Zeroth law of security: The possibility of poking a system from lower
privilege is zero unless & until there is possibility of direct,
indirect or consequential communication between the two...

Powered by blists - more mailing lists