lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 12 Mar 2007 11:28:38 -0500
From: "Jason Areff" <hailtheczar@...il.com>
To: "Kristian Hermansen (khermans)" <khermans@...co.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: firefox 2.0.0.2 crash

Yeah, firefox is prone if it's set as your GIF file handler, schmarty.

On 3/12/07, Kristian Hermansen (khermans) <khermans@...co.com> wrote:
>
>  Firefox even crashes if you have it open and visit the site from lynx...
>
> $ lynx
> http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif<http://people.zoy.org/%7Esam/firefox-crash-save-session-before-clicking.gif>
>
> Looking up people.zoy.org
> Making HTTP connection to people.zoy.org
> Sending HTTP request.
> HTTP request sent; waiting for response.
> HTTP/1.1 200 OK
> Data transfer complete
> /usr/bin/firefox '/tmp/XXXXggdfOe/L23367-1095TMP.gif'
>
> lynx: Start file could not be found or is not text/html or text/plain
>       Exiting...
> --
> Kristian Hermansen
>
> ___
> Date: Fri, 09 Mar 2007 20:31:40 +0200
> From: T?nu Samuel <tonu@....ee>
> Subject: [Full-disclosure] firefox 2.0.0.2 crash
> To: full-disclosure@...ts.grok.org.uk
> Message-ID: <1173465100.5229.48.camel@....jes.ee>
> Content-Type: text/plain; charset=UTF-8
>
> Can be dupe but in fast browsing over topics I did not discovered this
> exploit:
>
> http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif<http://people.zoy.org/%7Esam/firefox-crash-save-session-before-clicking.gif>
>
>
> I do NOT know anything else than this url. Just seen it in random
> discussion and anyone else I asked knows nothing. Current tests indicate
> that Mozilla 2.0.0.2 gets killed within second, 1.5.0.10 survives.
>
>    T?nu
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ