lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed Sep 14 13:13:16 2005
From: larry at larryseltzer.com (Larry Seltzer)
Subject: Mozilla Firefox "Host:" Buffer Overflow Exploit

There was some confusion as to whether this bug
(https://bugzilla.mozilla.org/show_bug.cgi?id=307259 in bugzilla) was
similar or identical to https://bugzilla.mozilla.org/show_bug.cgi?id=267669.
David Baron of Mozilla is saying (I think - see
https://bugzilla.mozilla.org/show_bug.cgi?id=267669#c39) that they are not
the same. 

Can someone parse that comment 39 in my last link for me? I don't understand
what he is saying, and if I take Firefox 1.0.6 with network.enableIDN set to
true and run the test case linked to in bug 267669, the browser crashes. If
I run it with network.enableIDN set to false, it doesn't crash. It sure
quacks like the same bug.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer@...fdavis.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ