Full Disclosure mailing list archives
RE: Firefox 0.92 DoS via TinyBMP
From: "Sapheriel" <sapheriel () wwwp de>
Date: Mon, 12 Jul 2004 16:44:59 +0200
is that even a new vulnerability? the buffer overflow in windows .bmp implementation was found months ago. this looks like it's either the same proof of concept or something derived from it.

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Bernardo Santos Wernesback
Sent: Monday, July 12, 2004 4:29 PM
To: Full-Disclosure () lists netsys com
Subject: Re: [Full-disclosure] Firefox 0.92 DoS via TinyBMP

Just tested on Windows XP Professional (fully patched) + IE SP1 and experienced the same problem.

The first time I opened the page memory usage could be seen on Task Manager but the machine still responded. The second time the machine became unresponsive.

Bernardo

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of st3ng4h
Sent: Monday, July 12, 2004 10:26
To: thE_iNviNciblE
Cc: Full-Disclosure () lists netsys com
Subject: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

On Mon, Jul 12, 2004 at 01:23:39PM +0200, thE_iNviNciblE wrote:
> there is a security vulnerability in Firefox 0.92 (latest Version)
> http://www.4rman.com/exploits/tinybmp.htm
> this link causes your virtual memory to rise up 1,2 GB used memory...
> maybe Thunderbird 0.72 is also vulnerable via HTML.

Are you certain this is a vuln in Firefox?

On W2K SP4 fully patched: I can verify that opening that page in Firefox 0.9.2 causes VM to balloon. However, I get almost identical results opening the same page in IE 6sp1, and can cause excessive VM consumption by opening little.bmp referenced in your page in MS Paint.

st3ng4h

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html