[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
- To: "'Bernardo Santos Wernesback'" <bernardo@xxxxxxxxxx>, <Full-Disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
- From: "Sapheriel" <sapheriel@xxxxxxx>
- Date: Mon, 12 Jul 2004 16:44:59 +0200
is that even a new vulnerability? the buffer overflow in windows .bmp
implementation was found months ago. this looks like it's either the same
proof of concept or something derived from it.
-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Bernardo Santos
Wernesback
Sent: Monday, July 12, 2004 4:29 PM
To: Full-Disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Just tested on Windows XP Professional (fully patched) + IE SP1 and
experienced the same problem.
The first time I opened the page memory usage could be seen on Task Manager
but the machine still responded.
The second time the machine became unresponsive.
Bernardo
-----Mensagem original-----
De: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] Em nome de st3ng4h Enviada
em: segunda-feira, 12 de julho de 2004 10:26
Para: thE_iNviNciblE
Cc: Full-Disclosure@xxxxxxxxxxxxxxxx
Assunto: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
On Mon, Jul 12, 2004 at 01:23:39PM +0200, thE_iNviNciblE wrote:
> there is a security vulnerability in Firebox 0.92 (latest Version)
>
> http://www.4rman.com/exploits/tinybmp.htm
>
> this link causes that your virutal memory will be rise up 1,2 GB used
> Memory...
>
> maybe Thunderbird 0.72 is also vulnerable via HTML.
Are you certain this is a vuln in Firefox?
On W2K SP4 fully patched: I can verify that opening that page in Firefox
0.9.2 causes VM to balloon.
However, I get almost identical results opening the same page in IE 6sp1,
and can cause excessive VM consumption by opening little.bmp referenced in
your page in MS Paint.
st3ng4h
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html