[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1582074288.20090527225918@SECURITY.NNOV.RU>
Date: Wed, 27 May 2009 22:59:18 +0400
From: "Vladimir '3APA3A' Dubrovin" <3APA3A@...URITY.NNOV.RU>
To: "Jim Parkhurst" <JPARKHUR@....state.tx.us>
Cc: cert@...t.org, info@...cl.etat.lu,
"full-disclosure" <full-disclosure@...ts.grok.org.uk>,
<cve@...re.org>, <nvd@...t.gov>, <vuln@...unia.com>,
"bugtraq" <bugtraq@...urityfocus.com>,
"Thierry Zoller" <Thierry@...ler.lu>
Subject: Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
Dear Jim Parkhurst,
It may depend on video card and video drivers and/or amount of
memory/video memory. 9 years ago there was vulnerability in Internet
explorer with displaying scaled image:
http://securityvulns.com/advisories/ie5freeze.asp results were also
different on different hardware. In some cases even mouse cursor was
frozen and reboot was only option.
--Wednesday, May 27, 2009, 7:56:56 PM, you wrote to cert@...t.org:
JP> If I understand the process, saving the text at [IV. Proof of
JP> concept] (following the "~~~..." to an .XHTML file, and launch the
JP> file using Firefox, I should lose functionality ("Browser doesn't
JP> respond any longer to any user input, all tabs are no longer
JP> accessible, your work if any (hail to the web 2.0) might be lost.")
JP> Using FF2.0.0.20 and the file does not result in loss of use.
JP> All tabs are functional. All JAVA links continue function. Same
JP> result for naming the POC file to .HTML, .HTM.
>>>> Thierry Zoller <Thierry@...ler.lu> 05/26/2009 13:13 >>>
JP> For those that failed to reproduce, try naming the POC file with an XHTML
JP> extension.
--
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/
Машина оказалась способной к единственному действию,
а именно умножению 2x2, да и то при этом ошибаясь. (Лем)
Powered by blists - more mailing lists