Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Mozilla Firefox "Host:" Buffer Overflow Exploit

From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 14 Sep 2005 08:12:22 -0400
There was some confusion as to whether this bug
(https://bugzilla.mozilla.org/show_bug.cgi?id=307259 in bugzilla) was
similar or identical to https://bugzilla.mozilla.org/show_bug.cgi?id=267669.
David Baron of Mozilla is saying (I think - see
https://bugzilla.mozilla.org/show_bug.cgi?id=267669#c39) that they are not
the same. 

Can someone parse that comment 39 in my last link for me? I don't understand
what he is saying, and if I take Firefox 1.0.6 with network.enableIDN set to
true and run the test case linked to in bug 267669, the browser crashes. If
I run it with network.enableIDN set to false, it doesn't crash. It sure
quacks like the same bug.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: