Full Disclosure mailing list archives
Re: Heap overflow in Mozilla Browser <= 1.7.3 NNTP code.
From: Michal Zalewski <lcamtuf () ghettot org>
Date: Fri, 7 Jan 2005 01:21:29 +0100 (CET)
On Wed, 29 Dec 2004, Maurycy Prodeus wrote:
> On my RedHat 9.0 with Mozilla 1.7.3 attached proof of concept code overflows the buffer using attacker-supplied data. I decided to make this bug public because Mozilla Team hasn't warned users.
As much as I respect what Mozilla folks are doing for the community, I find their security response to be, ahem, lacking. Given their increasing userbase, this is a bad omen.

They seldom reply, and very often adequately follow up, on reports sent to security () mozilla org; and when they actually learn about a problem, they do not seem to reach out to those of their users who do not happen to browse Bugzilla daily. Judging from reports such as this, they also routinely downplay serious threats, perhaps to discourage people from claiming a prize they once established for spotting a remote security bug in the browser. Uh-oh.

Oh, last but not least, my personal complaint: they are taking some three months to fix publicly disclosed mangleme vulnerabilities in their browsers - no single vendor advisory was released, despite 20+ problems being reported, some of which are apparently remotely exploitable. In that regard, they managed to beat Microsoft, who took "only" several weeks to fix the mangleme IFRAME (Bofra) vulnerability.

Their stagnant mangleme vulnerability / bug queue:

  https://bugzilla.mozilla.org/showdependencytree.cgi?id=264944

Not that Mozilla is any worse than other open source browser developers in that regard. IIRC, we did not see advisories or vendor fixes for mangleme flaws in Konqueror / Safari, [e]links, lynx, elvis, w3m and other browsers... the difference is, Mozilla/Firefox is becoming a mainstream tool.

--
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2005-01-07 01:01 --

   http://lcamtuf.coredump.cx/photo/current/