mailing list archives
MSIE & FIREFOX flaws: "detailed" advisory and comments that you probably don't want to read anyway
From: "Berend-Jan Wever" <skylined () edup tudelft nl>
Date: Fri, 26 Nov 2004 03:09:16 +0100
Skip to the "-- Advisory --" part if you are not interested in reading about disclosure but you are interested in
non-technical details about the array sort "vulnerability" I released.
----- Original Message -----
From: "Dragos Ruiu" <dr () kyx net>
He didn't have to release it... he could have sold it or any number of
other things including just exploiting it quietly. We should stop
shooting the messenger and say thanks to people who do other's
debugging for free and for all our own good.
Exactly. And since none of the vulnerable vendors have put out an advisory as far as I know, I'll let you all know the
impact of this bug myself. For free because I don't want you to lose any sleep over a lame crash:
-- Advisory ------------------------------
Both MSIE and firefox have the same problem handling this. Since a lot of people did not understand me when I told you
in 1337 h4x0r15h, I'll put it in n00b English:
The code I posted makes both browsers use up (stack)memory again and again untill there is no more left. This causes an
exception which can not be handled by both programs so both of them will be terminated: nothing to worry about, there
is no exploit for this, it just crashes the program.
-- End advisory --------------------------
So... it was all a big piece of FUD, which was exactly what I needed to get my point across. I do not kid myself that I
can convince everybody, but at least I got a lot of people thinking and hopefully even more convinced that a lot of
vendors do not acknowledge indepedent security researchers for their true value and (even more important to a lot of
you) do not act upon bugs as fast as is needed nowadays.
What if I was without integrity, as some people would have it, and would write a worm exploiting some (or all) of the
bugs I had found over the years ? Think about it... I could have sold a worm like that for good money to less
scrupulous people but instead I chose to disclose all that information responsible.
People that do not agree I disclosed the information on the IFRAME vulnerability responsible are people that could not
have gathered the information for themselves from the earlier post by ned. Everybody that could exploit it (it wasn't
that difficult) allready knew what I told you and probably was exploiting it without you knowing.
I truely am sorry for the people who do not understand my motives or think I did wrong. I am even more sorry for people
that got hit with InternetExploiter and it's derivatives. Both should keep in mind that if I had not disclosed this,
AV/IDS/etc vendors would not have known about/acted upon the problem and a patch would have been even lower priority
than it seems to be now. Saying that there was no problem before I released the exploit code for the IFRAME
vulnerability is a load of dingo's kidneys. I believe a lot more people could have been affected and in much worse ways
then they have been now if this had remained undergound.
PS. Note to self: stop wasting time on useless discussions on the internet.
Full-Disclosure - We believe in it.
Re: Re: FIREFOX flaws: nested array sort() loop Stack overflow exception Dragos Ruiu (Nov 25)
- Re: FIREFOX flaws: nested array sort() loop Stack overflow exception, (continued)
Re: FIREFOX flaws: nested array sort() loop Stack overflow exception Gadi Evron (Nov 25)
Re: FIREFOX flaws: nested array sort() loop Stack overflow exception Heikki Toivonen (Nov 25)
Re: FIREFOX flaws: nested array sort() loop Stack overflow exception Juan Carlos Navea (Nov 25)
Re: Opera flaws: nested array sort() loop Stack overflow exception sergio (Nov 26)
- MSIE & FIREFOX flaws: "detailed" advisory and comments that you probably don't want to read anyway Berend-Jan Wever (Nov 26)