Full Disclosure mailing list archives

Re: Firefox 1.5.0.7 Exploit

From: "Tyop?" <tyoptyop () gmail com>
Date: Fri, 3 Nov 2006 09:35:58 +0100

On 11/2/06, Bram Dumolin <bdumolin () gmail com> wrote:

re,
On 2 Nov 2006 16:43:35 -0000, koenig () d-e-k-a-d-e-n-t de
<koenig () d-e-k-a-d-e-n-t de> wrote:

Do 2 Nov 16:35:53 CET 2006

Vulnerable: Firefox 1.5.0.7 and probably versions below

Impact: DoS (perhaps Code Execution)


As Firefox 2.0 was released a few days ago...
A "new" Exploit for the old version!
The great Firefox! ;D

On Kubuntu Linux the exploits does not just kill firefox
but freezes the whole system! Probably it will also freeze
other distros!

If the URL is bigger than 4092 bytes, Firefox crashes!
The URL in the following code is 4093 bytes!


No problem on Mac OS X 10.4.8 with firefox 1.5.0.7.


firefox 1.5.0.7 on FreeBSD 7.0(september) and on Linux debian 2.6.17-2-686,
Not affected.

-- 
Tyop?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Firefox 1.5.0.7 Exploit Tyop? (Nov 03)
- Re: Firefox 1.5.0.7 Exploit Lubomir Kundrak (Nov 06)