lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6a5e46471003071746u1616f2ccw3713b9d391380f8f@mail.gmail.com>
Date: Mon, 8 Mar 2010 01:46:11 +0000
From: Rohit Patnaik <quanticle@...il.com>
To: information security <informationhacker08@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Mozilla Firefox 3.6 plenitude String
	Crash(0day) Exploit

You checked this code on a 64-bit computer?  I just tested it on Ubuntu 9.10
amd-64 edition (running from a LiveCD, no less).  The result was the same as
the one described above - Firefox chugged for a few seconds and then
displayed a very wide web page.

-- Rohit Patnaik

On Thu, Mar 4, 2010 at 4:15 AM, information security <
informationhacker08@...il.com> wrote:

> i had check this code  in 64 bit computer  it works
> but why this code only work for Mozilla  browser not in Internet Explorer
> and
> also thanks Jeff  for all your comment :)
> In India a famous Poet kabir says "keep your critic next to you he is your
> best friend!"  :)
>
> Asheesh kumar Mani Tripathi
>
>
>
>
>
>
>
>
> On Wed, Mar 3, 2010 at 4:19 PM, Jeff Williams <jeffwillis30@...il.com>wrote:
>
>> Sure;
>>
>> Mozilla by default recover any "lost" tabs by itself, then no worry for
>> your "users" considerations.
>>
>> Now sparky, who will be stupid enough to launch a botnet that sets a web
>> page containing a document.write "A" * 2000000000000000000 on them
>> compromised hosts ?
>>
>> You tell me.
>>
>>
>>
>> 2010/3/3 information security <informationhacker08@...il.com>
>>
>>> Thanks Valdis .Jeff for all your comment
>>> yes my small-penis machine running out of RAM and swap space ...: ......
>>> :)and i believe that Mozilla get crash ...........:(
>>> can you tell me how to fix that people don't become victim from this
>>> attack  people with having 34 bit Computer
>>> or people having small -penis machine change into big-penis machine :)
>>>
>>>
>>>
>>> On Wed, Mar 3, 2010 at 12:37 AM, <Valdis.Kletnieks@...edu> wrote:
>>>
>>>> On Tue, 02 Mar 2010 20:02:37 PST, information security said:
>>>>
>>>> > open in Mozilla Firefox and wait for 15 sec ...... :) and say Good Bye
>>>>
>>>> Sorry, your exploit doesn't do squat on a 64-bit Firefox 3.7a3 with
>>>> plenty of
>>>> RAM. It chugs for about 7-8 seconds and displays a *very* wide page.  It
>>>> must
>>>> be your small-penis machine running out of RAM and swap space. :)
>>>>
>>>> Hint - this issue was well understood back in 1964. Literally. IBM's
>>>> OS/360 had
>>>> a GETMAIN macro that allocated storage that could encounter this same
>>>> basic
>>>> "out of memory" issue.  So not only is this a non-bug that was known
>>>> when you
>>>> were still being toilet-trained, this may be the first recorded case of
>>>> somebody reporting a non-bug that was known when their *parents* were
>>>> still
>>>> being toilet-trained.
>>>>
>>>>
>>>
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ