Full Disclosure mailing list archives

Re: Firefox 2.0.0.3 Out-of-bounds memory access via specially crafted html file
From: "Robert Wesley McGrew" <wesley () mcgrewsecurity com>
Date: Tue, 1 May 2007 08:08:16 -0500

On 5/1/07, carl hardwick <hardwick.carl () gmail com> wrote:
> Product: Firefox 2.0.0.3
> Description: Out-of-bounds memory access via specially crafted html file
> Type: Remote
>
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
>
> Proof Of Concept exploit:
> http://www.critical.lt/research/opera_die_happy.html

This doesn't work in Firefox 2.0.0.3 in Ubuntu 7.04.  This sounds like
it might be another case of mistaken identity with the heap overflow
vulnerability in Nvidia blob drivers for Linux, as this was one way to
exploit it.

-- 
Robert Wesley McGrew
http://mcgrewsecurity.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]