Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Firefox 0.92 DoS via TinyBMP
From: st3ng4h <st3ng4h () comcast net>
Date: Mon, 12 Jul 2004 13:52:30 -0500

On Mon, Jul 12, 2004 at 07:14:02PM +0200, David Huecking wrote:
Hmm, very funny modified BMPs?!
So we see the true nature of this picture.

This is precisely the point that almost everyone is missing
completely (but still clamoring "it works on X, it doesn't work on
Y"), and that Sapheriel pinpointed: the core problem lies in the 
Windows .bmp implementation.

So, I wonder aloud, what is the purpose of publishing 'advisories' 
that misattribute this flaw to IE [1] or Firefox or any of the other
hundreds or thousands of programs that use it and can be DoSed as a


[1] http://www.securityfocus.com/archive/1/360166

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]