[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
From: st3ng4h <st3ng4h@xxxxxxxxxxx>
Date: Mon, 12 Jul 2004 13:52:30 -0500

On Mon, Jul 12, 2004 at 07:14:02PM +0200, David Huecking wrote:
> Hmm, very funny modified BMPs?!
[snip]
> So we see the true nature of this picture.

This is precisely the point that almost everyone is missing
completely (but still clamoring "it works on X, it doesn't work on
Y"), and that Sapheriel pinpointed: the core problem lies in the 
Windows .bmp implementation.

So, I wonder aloud, what is the purpose of publishing 'advisories' 
that misattribute this flaw to IE [1] or Firefox or any of the other
hundreds or thousands of programs that use it and can be DoSed as a
result?

st3ng4h

[1] http://www.securityfocus.com/archive/1/360166

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
  - From: Ali Campbell
- Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
  - From: Maarten
- Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
  - From: Jordan Cole (stilist)

References:
- [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
  - From: thE_iNviNciblE
- Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
  - From: David Huecking

Prev by Date: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP & Thunderbird 0.72 & Outlook Express (latest Version)
Next by Date: RE: [Full-Disclosure] Erasing a hard disk easily
Previous by thread: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Next by thread: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Index(es):
- Date
- Thread