lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200407122335.10039.fulldisc@ultratux.org>
From: fulldisc at ultratux.org (Maarten)
Subject: Firefox 0.92 DoS  via TinyBMP

On Monday 12 July 2004 20:52, st3ng4h wrote:
> On Mon, Jul 12, 2004 at 07:14:02PM +0200, David Huecking wrote:
> > Hmm, very funny modified BMPs?!
>
> [snip]
>
> > So we see the true nature of this picture.
>
> This is precisely the point that almost everyone is missing
> completely (but still clamoring "it works on X, it doesn't work on
> Y"), and that Sapheriel pinpointed: the core problem lies in the
> Windows .bmp implementation.

Well, _if_ it does.  What is actually happening is that you load a graphic 
with a massive resolution.  Linking to a page with a 4400 MB jpeg isn't 
exactly what I'd call a DoS, but the effect sure looks like it though ;-)

However...  maybe I was jumping to conclusions too quick...
Since, for the record, Mozilla on linux doesn't suffer anything.
Or so it seems.

Maarten

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ