Dailydave mailing list archives
Re: Firefox bugs
From: Matt <matt () use net>
Date: Tue, 3 Oct 2006 11:25:53 -0700 (PDT)
On Tue, 3 Oct 2006, Thor Larholm wrote:
Their PoC, both the one in their slides and the full PoC, is nothing more than an out-of-memory crash, of which Firefox already has plenty. They were still struggling to write a working exploit days after the presentation, even though they claimed to have just that during the presentation. Long story short, the bug is just a bug - not a vulnerability.
Just use valgrind on FireFox (compiled with symbols) and load up something like maps.google.com. Then have a blast looking through the code and finding all kinds of little OB1 and OBAF issues. I tried working with them via their IRC channel to get some of these things fixed in 1.5, but they were not cooperative or accepting of patches. After that experience, I gave up and now use Konqueror, whose developers I have found to be more receptive to in-depth debugging information and acting upon it in a timely fashion. This is highly subjective, of course. -- tangled strands of DNA explain the way that I behave. http://www.clock.org/~matt _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Firefox bugs Dave Aitel (Oct 03)
- Re: Firefox bugs Thor Larholm (Oct 03)
- Re: Firefox bugs Dave Aitel (Oct 03)
- Re: Firefox bugs security curmudgeon (Oct 03)
- Re: Firefox bugs Dave Aitel (Oct 03)
- Re: Firefox bugs H D Moore (Oct 03)
- Re: Firefox bugs Dave Aitel (Oct 03)
- Re: Firefox bugs Thor Larholm (Oct 03)
- Re: Firefox bugs Thor Larholm (Oct 03)
- Re: Firefox bugs Matt (Oct 03)
- Re: Firefox bugs Dave Aitel (Oct 03)
- Re: Firefox bugs endrazine (Oct 03)
- Re: Firefox bugs [iRant] Bas Alberts (Oct 03)
- Re: Firefox bugs [iRant] Jared DeMott (Oct 04)
- Re: Firefox bugs Rob Lemos (Oct 04)
- Re: Firefox bugs James (njan) Eaton-Lee (Oct 04)
- Re: Firefox bugs Jared DeMott (Oct 04)