| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Apr 2007 14:29:16 -0700 From: "George Ou" <george_ou@...architect.net> To: "'Larry Seltzer'" <Larry@...ryseltzer.com>, "'Alexander Sotirov'" <asotirov@...ermina.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Windows .ANI LoadAniIcon Stack Overflow The patch for ANI is out from Microsoft. I'm assuming the question is if we will see this technique for Firefox exploitation posted now? -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Larry Seltzer Sent: Tuesday, April 03, 2007 2:14 PM To: Alexander Sotirov Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow LS> The Firefox docs say that it doesn't support .ani files for cursors. LS> How are you exploiting it? AS> I'll wait until the patch is out before I publish the technique. AS> As far as I know there are no public ANI exploits for Firefox yet. So now can you say how Firefox is vulnerable? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine larryseltzer@...fdavis.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists