Full Disclosure mailing list archives

Re: Mozilla Firefox "Host:" Buffer Overflow

From: <ipatches () hushmail com>
Date: Fri, 9 Sep 2005 08:24:55 -0700

n e w s wrote:

Heikki Toivonen wrote:

Tom Ferris wrote:

Vendor Status:
Mozilla was notified, and im guessing they are working on a

patch. Who

knows though?


That seems like a gross mischaracterization, at least by looking

at the

Bugzilla bug filed by you which I believe this corresponds to.

The bug

was reported two days ago (Sep 6), the first comment came less

than an

hour after that, and the first attempted fix was attached less

than two

hours after the bug was filed. Further comments explained how it

was

proving hard to find what and where was actually going wrong to

put in

the right fix. 10 replies total in less than two days. To me it

seems

obvious work is being done.

 

------------------------------------------------------------------

------


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Hi, I was looking for the Firefox bug report mentioned, and
after searching for quite some time was not able to find the
thread on Bugzilla.  Not sure if I am doing something wrong,
but if someone has a link to the url of Tom's post to
Bugzilla, I'd be grateful if the link found its way onto
this list.  TIA!


n e w s

I could neither find it but it appears same to 
https://bugzilla.mozilla.org/show_bug.cgi?id=267669. Maybe he uses 
mangleme also? Also I want to know from where he copied Technical 
Details? Maybe it just crash 0xadc2adc2 only is kernel space.




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

RE: Mozilla Firefox "Host:" Buffer Overflow, (continued)
- - - RE: Mozilla Firefox "Host:" Buffer Overflow Larry Seltzer (Sep 09)
    - RE: Mozilla Firefox "Host:" Buffer Overflow Bruce Ediger (Sep 09)
    - RE: Mozilla Firefox "Host:" Buffer Overflow Larry Seltzer (Sep 09)
    - RE: Mozilla Firefox "Host:" Buffer Overflow Bruce Ediger (Sep 09)
    - RE: Mozilla Firefox "Host:" Buffer Overflow Bruce Ediger (Sep 09)
    - Re: Mozilla Firefox "Host:" Buffer Overflow Andrew R. Reiter (Sep 09)
    - Re: Mozilla Firefox "Host:" Buffer Overflow Dave Aitel (Sep 09)
    - Re: Mozilla Firefox "Host:" Buffer Overflow Andrew R. Reiter (Sep 09)
- Re: Mozilla Firefox "Host:" Buffer Overflow Jerome Athias (Sep 09)
  - Re: Mozilla Firefox "Host:" Buffer Overflow milw0rm Inc. (Sep 09)
- Re: Mozilla Firefox "Host:" Buffer Overflow ipatches (Sep 09)
  - Re: Mozilla Firefox "Host:" Buffer Overflow Adam Polkosnik (Sep 09)
  - RE: Mozilla Firefox "Host:" Buffer Overflow Larry Seltzer (Sep 09)
    - RE: Mozilla Firefox "Host:" Buffer Overflow Larry Seltzer (Sep 09)
- RE: Mozilla Firefox "Host:" Buffer Overflow Todd Towles (Sep 09)
- RE: Mozilla Firefox "Host:" Buffer Overflow Roberto Gomez Bolaños (Sep 10)
  - RE: Mozilla Firefox "Host:" Buffer Overflow Larry Seltzer (Sep 10)
- RE: Mozilla Firefox "Host:" Buffer Overflow Roberto Gomez Bolaños (Sep 12)