[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Firefox 1.5.0.7 Exploit

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Firefox 1.5.0.7 Exploit
From: "Tyop?" <tyoptyop@xxxxxxxxx>
Date: Fri, 3 Nov 2006 09:35:58 +0100

On 11/2/06, Bram Dumolin <bdumolin@xxxxxxxxx> wrote:
> re,
> On 2 Nov 2006 16:43:35 -0000, koenig@xxxxxxxxxxxxxxxxxx
> <koenig@xxxxxxxxxxxxxxxxxx> wrote:
>
> > Do 2 Nov 16:35:53 CET 2006
> >
> > Vulnerable: Firefox 1.5.0.7 and probably versions below
> >
> > Impact: DoS (perhaps Code Execution)
> >
> >
> > As Firefox 2.0 was released a few days ago...
> > A "new" Exploit for the old version!
> > The great Firefox! ;D
> >
> > On Kubuntu Linux the exploits does not just kill firefox
> > but freezes the whole system! Probably it will also freeze
> > other distros!
> >
> > If the URL is bigger than 4092 bytes, Firefox crashes!
> > The URL in the following code is 4093 bytes!
>
> No problem on Mac OS X 10.4.8 with firefox 1.5.0.7.

firefox 1.5.0.7 on FreeBSD 7.0(september) and on Linux debian 2.6.17-2-686,
Not affected.

-- 
Tyop?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Firefox 1.5.0.7 Exploit
  - From: Lubomir Kundrak

Prev by Date: Re: [Full-disclosure] Putty Proxy login/password discolsure....
Next by Date: Re: [Full-disclosure] [funsec] Who is n3td3v?
Previous by thread: [Full-disclosure] [ MDKSA-2006:195 ] - Updated wireshark packages fix multiple vulnerabilities
Next by thread: Re: [Full-disclosure] Firefox 1.5.0.7 Exploit
Index(es):
- Date
- Thread