| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 Apr 2007 19:13:06 -0700 From: Alexander Sotirov <asotirov@...ermina.com> To: Larry Seltzer <Larry@...ryseltzer.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Windows .ANI LoadAniIcon Stack Overflow Larry Seltzer wrote: > Alex had said that he was exploiting this bug on Firefox, even though > the Firefox docs say it should be impossible. I'm just trying to > understand how his claims are possible. > > There's no reason to believe the Firefox developers need to do anything. > IE, for example, is fixed when the ANI code in GDI is fixed. To avoid any confusion: 1) There is no vulnerability in the Firefox source code 2) Firefox uses a Windows API function which uses the vulnerable code in USER32.DLL, so the ANI vulnerability can be exploited through Firefox 3) Installing the MS07-017 patch will protect both IE and Firefox against this vulnerability 4) There is no vulnerability for the Firefox developers to patch. I recommend that they limit their use of the Windows API to avoid being affected by the next Windows vuln, but this is application hardening, not a vulnerability fix. 5) Even thought the patch is already out, I'd like to avoid harming Windows users who haven't installed it, so that's why I'm not releasing the details about the Firefox exploit just yet. Larry, why are you so curious about how this exploit works? Alex _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists