Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Firefox 0.92 DoS via TinyBMP
From: "Andrew Poodle" <andrewp () IRW co uk>
Date: Mon, 12 Jul 2004 15:31:50 +0100

[Full-Disclosure] Firefox 0.92 DoS via TinyBMP

for me this works fine on a fully patched msie 6.0sp1 too. 
Firefox 0.8 doesn't seem to be vulnerable.

there is a security vulnerability in Firebox 0.92 (latest Version)


I think this has more to do with the machine, rather than the browser.

The link broke my IE in the same way..  Machine slows, and locks,
requiring a forced hard reboot.

Laptop with 450mhx cpu and 128 meg of ram, with a 5 gig HD
Running Win2k, with IE6 and Firefox 0.9.2

However, my collegue's machine (1.6 ghz cpu, 1 gig ram) worked fine in
both IE and Firefox, although firefox did render the page FAR more
slowly than IE.

There may be an issue in how firefox handles .BMP files, but I'd be more
concerned with cpu and mem usage on older machines irrespective of


Andrew Poodle
IRW Solutions Group Ltd
17 Glasgow Road

t: +44 (0) 141 842 1142
f: +44 (0) 141 842 1134
e: andrewp () irw co uk 
w: www.irw.co.uk

IRW Solutions Group Ltd
IRW Platinum: Strategic Consultancy
IRW Focus Blue: e-Business Software Solutions
IRW Associates: Managed Services

This document should only be read by those persons to whom it is addressed and is not intended to be relied upon by any 
person without subsequent written confirmation of its contents. 
Accordingly  IRW  Solutions Group Ltd  disclaim all responsibility and accept no liability (including in negligence) 
for the consequences for any person acting, or refraining from acting, on such information prior to the receipt by 
those persons of subsequent written confirmation. 

If you have received this e-mail message in error, please notify us immediately. 
Please also destroy and delete the message from your computer. 

Any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this 
e-mail message is strictly prohibited.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]