Full Disclosure mailing list archives
Re: Mozilla Firefox "Host:" Buffer Overflow Exploit
From: "Paul" <pvnick () gmail com>
Date: Sun, 11 Sep 2005 02:52:05 -0400
Skylined, is there anything that you can't exploit? ;-) On a side note, an article quoting Ferris saying that "Microsoft takes too long to patch stuff so that's why I'm going public" recently was slashdotted (regarding a vulnerability he found in Internet Explorer). Now he goes public with this thing. Does he think that Mozilla and Microsoft have the lengthy patch process in common, or is he just being hypocritical, something that I have found to be quite common among anti-MS zealots. Paul Formerly of Greyhats Security http://greyhatsecurity.org ----- Original Message ----- From: Berend-Jan Wever To: full-disclosure () lists grok org uk ; bugtraq () securityfocus com ; security () mozilla org Sent: Saturday, September 10, 2005 6:52 AM Subject: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit (Just a little heads up, no details or PoC attached) The security vulnerability in Mozilla FireFox reported by Tom Ferris is exploitable on Windows. I developed a working exploit that seems to be 100% stable, though I've only tested it on one system. The exploit will not be released publicly untill patches are out. On a side note: it took only about 3 hours and 30 minutes to develop the exploit, so I might not be the only one able to write it. Cheers, SkyLined -- Berend-Jan Wever <berendjanwever () gmail com> http://www.edup.tudelft.nl/~bjwever ------------------------------------------------------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Mozilla Firefox "Host:" Buffer Overflow Exploit Berend-Jan Wever (Sep 10)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Przemyslaw Frasunek (Sep 10)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Paul (Sep 10)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Georgi Guninski (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Steve Friedl (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Georgi Guninski (Sep 11)
- <Possible follow-ups>
- RE: Mozilla Firefox "Host:" Buffer Overflow Exploit Peter Kruse (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Aviv Raff (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Georgi Guninski (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Aviv Raff (Sep 11)
- Message not available
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Ill will (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Daniel Veditz (Sep 13)
- RE: Mozilla Firefox "Host:" Buffer Overflow Exploit Larry Seltzer (Sep 14)