Full Disclosure mailing list archives

Re: Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file

From: "Robert Wesley McGrew" <wesley () mcgrewsecurity com>
Date: Tue, 1 May 2007 08:08:16 -0500

On 5/1/07, carl hardwick <hardwick.carl () gmail com> wrote:

Product: Firefox 2.0.0.3
Description: Out-of-bounds memory access via specialy crafted html file
Type: Remote

Vulnerability can be exploited by using a large value in a href tag to
create an out-of-bounds memory access.

Proof Of Concept exploit:
http://www.critical.lt/research/opera_die_happy.html


This doesn't work in Firefox 2.0.0.3 in Ubuntu 7.04.  This sounds like
it might be another case of mistaken identity with the heap overflow
vulnerability in Nvidia blob drivers for Linux, as this was one way to
exploit it.

-- 
Robert Wesley McGrew
http://mcgrewsecurity.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file carl hardwick (May 01)
- Re: Firefox 2.0.0.3 Out-of-bounds memory access viaspecialy crafted html file Nikolay Kichukov (May 01)
- Re: Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file Robert Wesley McGrew (May 01)
- Re: Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file Ismail Dönmez (May 01)
- Re: Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file Mihai Donțu (May 01)
  - Re: Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file Alexander Bierbaumer (May 01)
- Re: Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file Stan Bubrouski (May 01)
- Re: Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file Andrew Redman (May 01)