Full Disclosure mailing list archives

Re: Firefox 0.92 DoS via TinyBMP
From: Maarten <fulldisc () ultratux org>
Date: Mon, 12 Jul 2004 23:35:10 +0200

On Monday 12 July 2004 20:52, st3ng4h wrote:
On Mon, Jul 12, 2004 at 07:14:02PM +0200, David Huecking wrote:
Hmm, very funny modified BMPs?!


So we see the true nature of this picture.

This is precisely the point that almost everyone is missing
completely (but still clamoring "it works on X, it doesn't work on
Y"), and that Sapheriel pinpointed: the core problem lies in the
Windows .bmp implementation.

Well, _if_ it does.  What is actually happening is that you load a graphic 
with a massive resolution.  Linking to a page with a 4400 MB jpeg isn't 
exactly what I'd call a DoS, but the effect sure looks like it though ;-)

However...  maybe I was jumping to conclusions too quickly...
Since, for the record, Mozilla on Linux doesn't suffer anything.
Or so it seems.


Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
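
The case discussed in this message, a small file whose header declares a massive resolution, can be caught from the header alone before any pixel buffer is allocated. The following is an added example, not part of the original thread or of any browser's code; the function names and the 64 MiB budget are assumptions, and the sample files are constructed.

```python
import struct

MAX_DECODED_BYTES = 64 * 1024 * 1024  # assumed per-image budget (64 MiB)

def parse_bmp_header(data: bytes) -> dict:
    """Read the BITMAPINFOHEADER fields that determine decoded memory use."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP with a 40-byte info header")
    pixel_offset, header_size = struct.unpack_from("<II", data, 10)
    if header_size < 40:
        raise ValueError("unsupported legacy header")
    width, height = struct.unpack_from("<ii", data, 18)
    bpp, compression = struct.unpack_from("<HI", data, 28)
    if width <= 0 or height == 0 or bpp not in (1, 4, 8, 16, 24, 32):
        raise ValueError("invalid dimensions or bit depth")
    # Rows are padded to a multiple of 4 bytes; a negative height means top-down.
    row_bytes = ((width * bpp + 31) // 32) * 4
    return {"need": row_bytes * abs(height),
            "offset": pixel_offset,
            "compression": compression}

def vet_bmp(data: bytes, max_bytes: int = MAX_DECODED_BYTES) -> str:
    """Decide from the header alone whether the image is safe to decode."""
    try:
        hdr = parse_bmp_header(data)
    except ValueError as exc:
        return f"reject: {exc}"
    if hdr["need"] > max_bytes:
        return "reject: decoded size over budget"
    # Uncompressed (BI_RGB = 0) files must actually contain the declared pixels.
    if hdr["compression"] == 0 and len(data) < hdr["offset"] + hdr["need"]:
        return "reject: pixel data truncated"
    return "ok"

def make_bmp(width: int, height: int, bpp: int = 24, pixels: bytes = b"") -> bytes:
    """Constructed sample: 14-byte file header + 40-byte info header + pixels."""
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp,
                           0, len(pixels), 0, 0, 0, 0)
    return file_hdr + info_hdr + pixels

if __name__ == "__main__":
    print(vet_bmp(make_bmp(2, 2, 24, bytes(16))))   # well-formed 2x2 image
    print(vet_bmp(make_bmp(65535, 65535, 32)))      # 54-byte file, huge header
    print(vet_bmp(make_bmp(100, 100)))              # modest size, no pixel data
```
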
