Full Disclosure mailing list archives
RE: Mozilla Firefox "Host:" Buffer Overflow Exploit
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 14 Sep 2005 08:12:22 -0400
There was some confusion as to whether this bug (https://bugzilla.mozilla.org/show_bug.cgi?id=307259 in bugzilla) was similar or identical to https://bugzilla.mozilla.org/show_bug.cgi?id=267669. David Baron of Mozilla is saying (I think - see https://bugzilla.mozilla.org/show_bug.cgi?id=267669#c39) that they are not the same. Can someone parse that comment 39 in my last link for me? I don't understand what he is saying, and if I take Firefox 1.0.6 with network.enableIDN set to true and run the test case linked to in bug 267669, the browser crashes. If I run it with network.enableIDN set to false, it doesn't crash. It sure quacks like the same bug. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer Contributing Editor, PC Magazine larryseltzer () ziffdavis com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit, (continued)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Przemyslaw Frasunek (Sep 10)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Paul (Sep 10)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Georgi Guninski (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Steve Friedl (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Georgi Guninski (Sep 11)
- RE: Mozilla Firefox "Host:" Buffer Overflow Exploit Peter Kruse (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Aviv Raff (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Georgi Guninski (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Aviv Raff (Sep 11)
- Message not available
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Ill will (Sep 11)
- Re: Mozilla Firefox "Host:" Buffer Overflow Exploit Daniel Veditz (Sep 13)
- RE: Mozilla Firefox "Host:" Buffer Overflow Exploit Larry Seltzer (Sep 14)