Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit

[Fionnbharr <thouth () gmail com>]

Next time when you have a bug like this can you email me and I'll swap
you a bug where you can send a lot of data at a host from thousands of
computers and they can't handle legitimate traffic. Sounds about fair.

On 10 March 2010 04:34, Kaddeh <kaddeh () gmail com> wrote:
> I wouldn't call this a bug in the least bit.
> I would call it a lack of hardware issue than anything, similar to "minimal
> requirements" on software, etc.
> This issue only happens on 32-bit with the configuration that you yourself
> are running, there is no issue with Firefox itself, mainly because it has
> been confirmed multiple times to work on multiple machines (myself
> included).
> I chalk this one up to single-user issue and move on.
>
> Cheers
>
> Kad
>
> On Tue, Mar 9, 2010 at 9:03 AM, information security
> <informationhacker08 () gmail com> wrote:
> >  The testcase crashes in Mozilla because
> > The reason for this is that  the  are stack exhaustion crashes and are not
> > exploitable. Stack exhaustion occurs when there is no more room on the
> > program stack to push any more data. This is not a stack-based buffer
> > overflow. but it is definitely a bug
> >
> > Asheesh
> >
> >
> > On Mon, Mar 8, 2010 at 7:16 AM, Rohit Patnaik <quanticle () gmail com> wrote:
> > > You checked this code on a 64-bit computer?  I just tested it on Ubuntu
> > > 9.10 amd-64 edition (running from a LiveCD, no less).  The result was the
> > > same as the one described above - Firefox chugged for a few seconds and then
> > > displayed a very wide web page.
> > >
> > > -- Rohit Patnaik
> > >
> > > On Thu, Mar 4, 2010 at 4:15 AM, information security
> > > <informationhacker08 () gmail com> wrote:
> > > > i had check this code  in 64 bit computer  it works
> > > > but why this code only work for Mozilla  browser not in Internet
> > > > Explorer
> > > > and
> > > > also thanks Jeff  for all your comment :)
> > > > In India a famous Poet kabir says "keep your critic next to you he is
> > > > your  best friend!"  :)
> > > >
> > > > Asheesh kumar Mani Tripathi
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Wed, Mar 3, 2010 at 4:19 PM, Jeff Williams <jeffwillis30 () gmail com>
> > > > wrote:
> > > > > Sure;
> > > > >
> > > > > Mozilla by default recover any "lost" tabs by itself, then no worry for
> > > > > your "users" considerations.
> > > > > Now sparky, who will be stupid enough to launch a botnet that sets a
> > > > > web page containing a document.write "A" * 2000000000000000000 on them
> > > > > compromised hosts ?
> > > > >
> > > > > You tell me.
> > > > >
> > > > >
> > > > > 2010/3/3 information security <informationhacker08 () gmail com>
> > > > > > Thanks Valdis .Jeff for all your comment
> > > > > > yes my small-penis machine running out of RAM and swap space ...:
> > > > > > ...... :)and i believe that Mozilla get crash ...........:(
> > > > > > can you tell me how to fix that people don't become victim from this
> > > > > > attack  people with having 34 bit Computer
> > > > > > or people having small -penis machine change into big-penis machine :)
> > > > > >
> > > > > >
> > > > > > On Wed, Mar 3, 2010 at 12:37 AM, <Valdis.Kletnieks () vt edu> wrote:
> > > > > > > On Tue, 02 Mar 2010 20:02:37 PST, information security said:
> > > > > > >
> > > > > > > > open in Mozilla Firefox and wait for 15 sec ...... :) and say Good
> > > > > > > > Bye
> > > > > > >
> > > > > > > Sorry, your exploit doesn't do squat on a 64-bit Firefox 3.7a3 with
> > > > > > > plenty of
> > > > > > > RAM. It chugs for about 7-8 seconds and displays a *very* wide page.
> > > > > > >  It must
> > > > > > > be your small-penis machine running out of RAM and swap space. :)
> > > > > > >
> > > > > > > Hint - this issue was well understood back in 1964. Literally. IBM's
> > > > > > > OS/360 had
> > > > > > > a GETMAIN macro that allocated storage that could encounter this same
> > > > > > > basic
> > > > > > > "out of memory" issue.  So not only is this a non-bug that was known
> > > > > > > when you
> > > > > > > were still being toilet-trained, this may be the first recorded case
> > > > > > > of
> > > > > > > somebody reporting a non-bug that was known when their *parents* were
> > > > > > > still
> > > > > > > being toilet-trained.
> > > >
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/