Re: Memory corruption when loading/unloading Adobe objects through EMBED tag in Firefox

[Rohit Patnaik <quanticle () gmail com>]

Are there any available workarounds that would mitigate the threat?  I
suppose I could just upload all my PDFs to Google Docs in the meantime, but
I'm looking for something that I could use while offline...

--Rohit Patnaik

On Tue, Oct 13, 2009 at 7:35 PM, mrx <mrx () propergander org uk> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> No, I installed latest updates prior to testing.
> They should be aware of this however considering what appear to be
> striking similarities in the code base between Foxit and Adobe
> readers, at least as far as shared bugs go.
> If not they will be aware of this after they read the email I sent them.
>
> MrX
>
> Rohit Patnaik wrote:
> > Has Foxit released an update for this?
> >
> > --Rohit Patnaik
> >
> > On Tue, Oct 13, 2009 at 6:40 PM, mrx <mrx () propergander org uk> wrote:
> >
> >
> > It would appear that Foxit reader version 3.1.1.0928 is also
> > vulnerable to this memory corruption flaw.
> > Foxit reader was also vulnerable to the JPEG2000/JBIG2 decoder bug.
> >
> > Makes me wonder how much code is common to both Adobes and Foxits PDF
> > readers
> >
> > MrX
> >
> >
> > Berend-Jan Wever wrote:
> > > > > Adobe bulletin:
> > > > > http://www.adobe.com/support/security/bulletins/apsb09-15.html
> > > > >
> > > > > Short description and repro case:
> http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/
> > > > > Cheers,
> > > > >
> > > > > SkyLined
> > > > > <
> http://skypher.com/index.php/2009/10/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/
> > > > > Berend-Jan Wever <berendjanwever () gmail com>
> > > > > http://skypher.com/SkyLined
> > ----------------------------------------------------------------------
> > > > > _______________________________________________
> > > > > Full-Disclosure - We believe in it.
> > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > > Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> > >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEVAwUBStUc0LIvn8UFHWSmAQIITggAxL/oV6LGNuqfXj59xbV3fLAdh/6aeE7I
> hna0TysRDSi/bN+lE/JLyh+F8WDdr/uNb4Kzc+mTEd5vVqTp2Qlw5ctkQu9AcCxn
> Gk9khwhgRkxYfE/DF9RsFluRMacEaYMUNuectMz+ViCiLhYiLSBrcN9N6khSBIHZ
> o8ttvZBlt9ovlIu08dmuexcIVpIax8SHJj+lPWtuuRYNw/PB02hu3Pnm839nP0cD
> o8ZQPXkG7zvVgBVdMoVCGLWkMgw1T9P73+32TqTC7aAuY9mwRWhG3o2LZo+/Iicl
> Z/uIBT74SWzWZOdhzwdQdlXpmKXad1A8W7XxqfFLhea6WYmbj/MzHg==
> =bPXc
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/