Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit
From: information security <informationhacker08 () gmail com>
Date: Tue, 9 Mar 2010 22:33:43 +0530

 The testcase crashes in Mozilla because
The reason for this is that  the  are stack exhaustion crashes and are not
exploitable. Stack exhaustion occurs when there is no more room on the
program stack to push any more data. This is not a stack-based buffer
overflow. but it is definitely a bug

Asheesh
<http://blogs.technet.com/srd/archive/2009/01/28/stack-overflow-stack-exhaustion-not-the-same-as-stack-buffer-overflow.aspx>

On Mon, Mar 8, 2010 at 7:16 AM, Rohit Patnaik <quanticle () gmail com> wrote:

You checked this code on a 64-bit computer?  I just tested it on Ubuntu
9.10 amd-64 edition (running from a LiveCD, no less).  The result was the
same as the one described above - Firefox chugged for a few seconds and then
displayed a very wide web page.

-- Rohit Patnaik

On Thu, Mar 4, 2010 at 4:15 AM, information security <
informationhacker08 () gmail com> wrote:

i had check this code  in 64 bit computer  it works
but why this code only work for Mozilla  browser not in Internet Explorer
and
also thanks Jeff  for all your comment :)
In India a famous Poet kabir says "keep your critic next to you he is
your  best friend!"  :)

Asheesh kumar Mani Tripathi








On Wed, Mar 3, 2010 at 4:19 PM, Jeff Williams <jeffwillis30 () gmail com>wrote:

Sure;

Mozilla by default recover any "lost" tabs by itself, then no worry for
your "users" considerations.

Now sparky, who will be stupid enough to launch a botnet that sets a web
page containing a document.write "A" * 2000000000000000000 on them
compromised hosts ?

You tell me.



2010/3/3 information security <informationhacker08 () gmail com>

Thanks Valdis .Jeff for all your comment
yes my small-penis machine running out of RAM and swap space ...: ......
:)and i believe that Mozilla get crash ...........:(
can you tell me how to fix that people don't become victim from this
attack  people with having 34 bit Computer
or people having small -penis machine change into big-penis machine :)



On Wed, Mar 3, 2010 at 12:37 AM, <Valdis.Kletnieks () vt edu> wrote:

On Tue, 02 Mar 2010 20:02:37 PST, information security said:

open in Mozilla Firefox and wait for 15 sec ...... :) and say Good
Bye

Sorry, your exploit doesn't do squat on a 64-bit Firefox 3.7a3 with
plenty of
RAM. It chugs for about 7-8 seconds and displays a *very* wide page.
 It must
be your small-penis machine running out of RAM and swap space. :)

Hint - this issue was well understood back in 1964. Literally. IBM's
OS/360 had
a GETMAIN macro that allocated storage that could encounter this same
basic
"out of memory" issue.  So not only is this a non-bug that was known
when you
were still being toilet-trained, this may be the first recorded case of
somebody reporting a non-bug that was known when their *parents* were
still
being toilet-trained.





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault