Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Firefox 0.92 DoS via TinyBMP
From: Maarten <fulldisc () ultratux org>
Date: Mon, 12 Jul 2004 23:35:10 +0200

On Monday 12 July 2004 20:52, st3ng4h wrote:
On Mon, Jul 12, 2004 at 07:14:02PM +0200, David Huecking wrote:
Hmm, very funny modified BMPs?!

[snip]

So we see the true nature of this picture.

This is precisely the point that almost everyone is missing
completely (but still clamoring "it works on X, it doesn't work on
Y"), and that Sapheriel pinpointed: the core problem lies in the
Windows .bmp implementation.

Well, _if_ it does.  What is actually happening is that you load a graphic 
with a massive resolution.  Linking to a page with a 4400 MB jpeg isn't 
exactly what I'd call a DoS, but the effect sure looks like it though ;-)

However...  maybe I was jumping to conclusions too quick...
Since, for the record, Mozilla on linux doesn't suffer anything.
Or so it seems.

Maarten

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]