Full Disclosure mailing list archives
Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit
From: Fionnbharr <thouth () gmail com>
Date: Wed, 10 Mar 2010 21:09:46 +1100
Next time when you have a bug like this can you email me and I'll swap you a bug where you can send a lot of data at a host from thousands of computers and they can't handle legitimate traffic. Sounds about fair. On 10 March 2010 04:34, Kaddeh <kaddeh () gmail com> wrote:
I wouldn't call this a bug in the least bit. I would call it a lack of hardware issue than anything, similar to "minimal requirements" on software, etc. This issue only happens on 32-bit with the configuration that you yourself are running, there is no issue with Firefox itself, mainly because it has been confirmed multiple times to work on multiple machines (myself included). I chalk this one up to single-user issue and move on. Cheers Kad On Tue, Mar 9, 2010 at 9:03 AM, information security <informationhacker08 () gmail com> wrote:The testcase crashes in Mozilla because The reason for this is that the are stack exhaustion crashes and are not exploitable. Stack exhaustion occurs when there is no more room on the program stack to push any more data. This is not a stack-based buffer overflow. but it is definitely a bug Asheesh On Mon, Mar 8, 2010 at 7:16 AM, Rohit Patnaik <quanticle () gmail com> wrote:You checked this code on a 64-bit computer? I just tested it on Ubuntu 9.10 amd-64 edition (running from a LiveCD, no less). The result was the same as the one described above - Firefox chugged for a few seconds and then displayed a very wide web page. -- Rohit Patnaik On Thu, Mar 4, 2010 at 4:15 AM, information security <informationhacker08 () gmail com> wrote:i had check this code in 64 bit computer it works but why this code only work for Mozilla browser not in Internet Explorer and also thanks Jeff for all your comment :) In India a famous Poet kabir says "keep your critic next to you he is your best friend!" :) Asheesh kumar Mani Tripathi On Wed, Mar 3, 2010 at 4:19 PM, Jeff Williams <jeffwillis30 () gmail com> wrote:Sure; Mozilla by default recover any "lost" tabs by itself, then no worry for your "users" considerations. Now sparky, who will be stupid enough to launch a botnet that sets a web page containing a document.write "A" * 2000000000000000000 on them compromised hosts ? You tell me. 2010/3/3 information security <informationhacker08 () gmail com>Thanks Valdis .Jeff for all your comment yes my small-penis machine running out of RAM and swap space ...: ...... :)and i believe that Mozilla get crash ...........:( can you tell me how to fix that people don't become victim from this attack people with having 34 bit Computer or people having small -penis machine change into big-penis machine :) On Wed, Mar 3, 2010 at 12:37 AM, <Valdis.Kletnieks () vt edu> wrote:On Tue, 02 Mar 2010 20:02:37 PST, information security said:open in Mozilla Firefox and wait for 15 sec ...... :) and say Good ByeSorry, your exploit doesn't do squat on a 64-bit Firefox 3.7a3 with plenty of RAM. It chugs for about 7-8 seconds and displays a *very* wide page. It must be your small-penis machine running out of RAM and swap space. :) Hint - this issue was well understood back in 1964. Literally. IBM's OS/360 had a GETMAIN macro that allocated storage that could encounter this same basic "out of memory" issue. So not only is this a non-bug that was known when you were still being toilet-trained, this may be the first recorded case of somebody reporting a non-bug that was known when their *parents* were still being toilet-trained._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit information security (Mar 02)
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit Jeff Williams (Mar 02)
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit Valdis . Kletnieks (Mar 03)
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit information security (Mar 03)
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit Jeff Williams (Mar 03)
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit information security (Mar 03)
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit Rohit Patnaik (Mar 07)
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit information security (Mar 09)
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit Kaddeh (Mar 09)
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit Fionnbharr (Mar 10)
- Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit information security (Mar 03)