[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP & Thunderbird 0.72 & Outlook Express (latest Version)

To: Full-Disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP & Thunderbird 0.72 & Outlook Express (latest Version)
From: thE_iNviNciblE <the_invincible@xxxxxx>
Date: Mon, 12 Jul 2004 21:59:02 +0200

Hello,

i can confirm this bug für Thunderbird 0.72, but the behavior(you don't
really detect this bug) isn't so stupid as like by Outlook Express 6
(Total Crash up to Systemcrash, if you do enough *.bmp in the eMail)

<IMG ... src="http://www.4rman.com/exploits/little.bmp"; .....

i know this exploit is pretty old, but has someone testet it against
Anti Virus Programs?

other famous picture Viewer detect this bug...


  MfG thE_iNviNciblE
  ------------------
  Wissen ist Macht

Freie Meinung: http://www.your-mind-is-free.de.vu
IT-Security  : http://www.kid2elite.de.vu
IT-Forum     : http://www.security-focus.de.vu

thE_iNviNciblE wrote:

Hi,

there is a security vulnerability in Firebox 0.92 (latest Version)

http://www.4rman.com/exploits/tinybmp.htm

this link causes that your virutal memory will be rise up 1,2 GB used Memory...

maybe Thunderbird 0.72 is also vulnerable via HTML.

credits to: StupidWhiteMan


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
  - From: thE_iNviNciblE

Prev by Date: Re: [Full-Disclosure] No shell => secure?
Next by Date: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Previous by thread: Re: AW: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Next by thread: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Index(es):
- Date
- Thread