lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <26396085.1126971919003.JavaMail.juha-matti.laurio@netti.fi>
Date: Sat Sep 17 16:45:24 2005
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Subject: FireFox Host: Buffer Overflow is not just
	exploitable on FireFox

> On 9/14/05, Juha-Matti Laurio <juha-matti.laurio@...ti.fi> wrote:
> > >Hi all,
> > >Research and development has let to a ~90% reliable working exploit 
for the
> > >IDN Heap Buffer overrun in FireFox on WinXP and Win2k3 as long as DEP is

A short correction that this part of message is from SkyLined's posting:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037045.html
 
- Juha-Matti

> What? The exploit only works on winxp sp2 if DEP is turned off.....
> (or is it JUST  there is another way in?) Your explanation is
> confusing!
> 
> DEP That's turned ON by default... & most of us choose to turn it on
> for all service & softwares.
> 
> -- 
> 
> Bipin Gautam
> http://bipin.tk
> 
> Zeroth law of security: The possibility of poking a system from lower
> privilege is zero unless & until there is possibility of direct,
> indirect or consequential communication between the two...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ