Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Firefox 0.92 DoS via TinyBMP
From: "Bernardo Santos Wernesback" <bernardo () ish com br>
Date: Mon, 12 Jul 2004 11:28:56 -0300

Just tested on Windows XP Professional (fully patched) + IE SP1 and
experienced the same problem.

The first time I opened the page memory usage could be seen on Task
Manager but the machine still responded.

The second time the machine became unresponsive.

Bernardo

-----Mensagem original-----
De: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] Em nome de st3ng4h
Enviada em: segunda-feira, 12 de julho de 2004 10:26
Para: thE_iNviNciblE
Cc: Full-Disclosure () lists netsys com
Assunto: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

On Mon, Jul 12, 2004 at 01:23:39PM +0200, thE_iNviNciblE wrote:
there is a security vulnerability in Firebox 0.92 (latest Version)

http://www.4rman.com/exploits/tinybmp.htm

this link causes that your virutal memory will be rise up 1,2 GB used 
Memory...

maybe Thunderbird 0.72 is also vulnerable via HTML.

Are you certain this is a vuln in Firefox?

On W2K SP4 fully patched: I can verify that opening that page in 
Firefox 0.9.2 causes VM to balloon.

However, I get almost identical results opening the same page in IE 
6sp1, and can cause excessive VM consumption by opening little.bmp 
referenced in your page in MS Paint.

st3ng4h

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault