lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 2 Nov 2006 14:20:40 -0600
From: "Robert McGrew" <wesleymcgrew@...il.com>
To: "koenig@...-k-a-d-e-n-t.de" <koenig@...-k-a-d-e-n-t.de>
Cc: bugtraq@...urityfocus.com
Subject: Re: Firefox 1.5.0.7 Exploit

On 2 Nov 2006 16:43:35 -0000, koenig@...-k-a-d-e-n-t.de
<koenig@...-k-a-d-e-n-t.de> wrote:
> <!--
>
> Do 2 Nov 16:35:53 CET 2006
>
> Vulnerable: Firefox 1.5.0.7 and probably versions below
>
> Impact: DoS (perhaps Code Execution)
>
>
> As Firefox 2.0 was released a few days ago...
> A "new" Exploit for the old version!
> The great Firefox! ;D
>
> On Kubuntu Linux the exploits does not just kill firefox
> but freezes the whole system! Probably it will also freeze
> other distros!
>
> If the URL is bigger than 4092 bytes, Firefox crashes!
> The URL in the following code is 4093 bytes!
>
> Greets: Oli
>
> Always looking for a nice talk: http://d-e-k-a-d-e-n-t.de/blog

Could not replicate this on Firefox 1.5.0.7 on Ubuntu 6.06.  Tried
with 8k of 'a''s even and no luck:

perl -e "print '<html><body><a href=\"http://' . 'a'x8192 .
'.de\">DoS</a></body></html>'" > test.html

If I click on the link and go up to my address bar, I can see that it
even manages to pass along the entire thing up to the '.de'.

-- 
Robert Wesley McGrew
http://cse.msstate.edu/~rwm8/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ