[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file
From: "Robert Wesley McGrew" <wesley@xxxxxxxxxxxxxxxxxx>
Date: Tue, 1 May 2007 08:08:16 -0500

On 5/1/07, carl hardwick <hardwick.carl@xxxxxxxxx> wrote:
> Product: Firefox 2.0.0.3
> Description: Out-of-bounds memory access via specialy crafted html file
> Type: Remote
>
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
>
> Proof Of Concept exploit:
> http://www.critical.lt/research/opera_die_happy.html

This doesn't work in Firefox 2.0.0.3 in Ubuntu 7.04.  This sounds like
it might be another case of mistaken identity with the heap overflow
vulnerability in Nvidia blob drivers for Linux, as this was one way to
exploit it.

-- 
Robert Wesley McGrew
http://mcgrewsecurity.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file
  - From: carl hardwick

Prev by Date: Re: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access viaspecialy crafted html file
Next by Date: Re: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file
Previous by thread: Re: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access viaspecialy crafted html file
Next by thread: Re: [Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file
Index(es):
- Date
- Thread