lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <38D04BF3A4B7B2499D19EB1DB54285EA0174AD99@FNB1EX01.gci.com>
Date: Mon Nov 21 19:54:47 2005
From: lsawyer at gci.com (Leif Sawyer)
Subject: Computer
	TerrorismSecurity	Advisory	(Reclassification)- Microsoft
	Internet Explorer JavaScript	Window() Vulnerability

Happy Top-post Monday. :-)

Running:
	Mandriva 2006  2.6.13.4  SMP

Firefox 1.5b2 (with no plugins)
   Succombs immediately with no output. A click on the close-app 'X'
   brings up the window-manager kill screen for unresponsive
applications.

Mozilla 1.7.11 (20050729)  (with no plugins)
   Seems to also succomb, but it does slowly start to render some
strange characters.
   Application doesn't respond to close-window, but a click on the
close-app 'X'
   brings up the window-manager kill screen for unresponsive
applications.

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Michael Holstein
> Sent: Monday, November 21, 2005 10:02 AM
> To: securityadvisory
> Cc: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Computer TerrorismSecurity 
> Advisory (Reclassification)- Microsoft Internet Explorer 
> JavaScript Window() Vulnerability
> 
> > Is it just me or did this exploit just DOS'ed my Firefox 
> 1.0.7(Debian 
> > Linux).
> 
> No. It's not just you.
> 
> Confirmed the same on Slackware (2.6.11 kernel) and WinXP. 
> Both running Firefox 1.07 binary for their respective platform.
> 
> Wonder how long till I start seeing banner ads with this code ;)
> 
> Regards,
> 
> Michael Holstein CISSP GCIA
> Cleveland State University
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ