| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <da15e23f0705010608q6e41582ey1ee6b017e5a6b84@mail.gmail.com> Date: Tue, 1 May 2007 08:08:16 -0500 From: "Robert Wesley McGrew" <wesley@...rewsecurity.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file On 5/1/07, carl hardwick <hardwick.carl@...il.com> wrote: > Product: Firefox 2.0.0.3 > Description: Out-of-bounds memory access via specialy crafted html file > Type: Remote > > Vulnerability can be exploited by using a large value in a href tag to > create an out-of-bounds memory access. > > Proof Of Concept exploit: > http://www.critical.lt/research/opera_die_happy.html This doesn't work in Firefox 2.0.0.3 in Ubuntu 7.04. This sounds like it might be another case of mistaken identity with the heap overflow vulnerability in Nvidia blob drivers for Linux, as this was one way to exploit it. -- Robert Wesley McGrew http://mcgrewsecurity.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists