[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
From: Maarten <fulldisc@xxxxxxxxxxxx>
Date: Mon, 12 Jul 2004 23:35:10 +0200

On Monday 12 July 2004 20:52, st3ng4h wrote:
> On Mon, Jul 12, 2004 at 07:14:02PM +0200, David Huecking wrote:
> > Hmm, very funny modified BMPs?!
>
> [snip]
>
> > So we see the true nature of this picture.
>
> This is precisely the point that almost everyone is missing
> completely (but still clamoring "it works on X, it doesn't work on
> Y"), and that Sapheriel pinpointed: the core problem lies in the
> Windows .bmp implementation.

Well, _if_ it does.  What is actually happening is that you load a graphic 
with a massive resolution.  Linking to a page with a 4400 MB jpeg isn't 
exactly what I'd call a DoS, but the effect sure looks like it though ;-)

However...  maybe I was jumping to conclusions too quick...
Since, for the record, Mozilla on linux doesn't suffer anything.
Or so it seems.

Maarten

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
  - From: thE_iNviNciblE
- Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
  - From: David Huecking
- Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
  - From: st3ng4h

Prev by Date: Re: AW: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Next by Date: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Previous by thread: RE: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Next by thread: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Index(es):
- Date
- Thread