Full Disclosure mailing list archives

Re: Firefox 0.92 DoS via TinyBMP

From: st3ng4h <st3ng4h () comcast net>
Date: Mon, 12 Jul 2004 08:25:30 -0500

On Mon, Jul 12, 2004 at 01:23:39PM +0200, thE_iNviNciblE wrote:

there is a security vulnerability in Firebox 0.92 (latest Version)

http://www.4rman.com/exploits/tinybmp.htm

this link causes that your virutal memory will be rise up 1,2 GB used 
Memory...

maybe Thunderbird 0.72 is also vulnerable via HTML.


Are you certain this is a vuln in Firefox?

On W2K SP4 fully patched: I can verify that opening that page in 
Firefox 0.9.2 causes VM to balloon.

However, I get almost identical results opening the same page in IE 
6sp1, and can cause excessive VM consumption by opening little.bmp 
referenced in your page in MS Paint.

st3ng4h

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Firefox 0.92 DoS via TinyBMP thE_iNviNciblE (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP Philip (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP William Warren (Jul 12)
  - Message not available
    - Fwd: Firefox 0.92 DoS via TinyBMP Jordan Cole (stilist) (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP st3ng4h (Jul 12)
  - Re: Firefox 0.92 DoS via TinyBMP William Warren (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP Ali Campbell (Jul 12)
- Re: Firefox 0.92 DoS via TinyBMP David Huecking (Jul 12)
  - Re: Firefox 0.92 DoS via TinyBMP st3ng4h (Jul 12)
    - Re: Firefox 0.92 DoS via TinyBMP Jordan Cole (stilist) (Jul 12)
    - Re: Firefox 0.92 DoS via TinyBMP Maarten (Jul 12)
    - Re: Firefox 0.92 DoS via TinyBMP Ali Campbell (Jul 12)
    - Re: Firefox 0.92 DoS via TinyBMP st3ng4h (Jul 12)
    - RE: Firefox 0.92 DoS via TinyBMP Sapheriel (Jul 12)
    - RE: Firefox 0.92 DoS via TinyBMP jhaunsystem (Jul 12)

(Thread continues...)