lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <43231A3C.40303@freebsd.lublin.pl> Date: Sat Sep 10 18:38:03 2005 From: venglin at freebsd.lublin.pl (Przemyslaw Frasunek) Subject: Mozilla Firefox "Host:" Buffer Overflow Exploit Berend-Jan Wever napisa?(a): > The security vulnerability in Mozilla FireFox reported by Tom Ferris is > exploitable on Windows. It's also easly exploitable on Linux -- no problems with jumping to arbitrary address: (gdb) x/i $eip 0x867926c <_ZN16nsTypedSelection5ClearEP14nsIPresContext+2236>: call *0x4(%eax) (gdb) info reg eax eax 0x61616161 1633771873 -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE * * JID: venglin@...ber.atman.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV *