Re: Firefox 1.5.0.7 Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Firefox 1.5.0.7 Exploit
From: OOZIE <oozie@xxxxxxxxx>
Date: 03 Nov 2006 00:30:23 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi! 

> <!--
> 
> Do 2 Nov 16:35:53 CET 2006
> Vulnerable: Firefox 1.5.0.7 and probably versions below
> Impact: DoS (perhaps Code Execution)
> 
> As Firefox 2.0 was released a few days ago...
> A "new" Exploit for the old version!
> The great Firefox! ;D
>
[...]
>
> If the URL is bigger than 4092 bytes, Firefox crashes!
> The URL in the following code is 4093 bytes!
> 
> Greets: Oli
> 
> Always looking for a nice talk: http://d-e-k-a-d-e-n-t.de/blog
> 
> -->

I use SUSE 10.1 with updated Firefox 1.5.0.7, unfortunately, I was unable to
reproduce this behaviour on 32bit AMILO Pro V2030. Not only with your 
URL-exploit,
I tried many different ones based on your hints. No success. 

Best Regards,
OOZIE

----------------------------------------------------------------------
PS. >>> http://link.interia.pl/f19a6

Prev by Date: VulnDisco Pack for Metasploit
Next by Date: ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability
Previous by thread: Re: Firefox 1.5.0.7 Exploit
Next by thread: iodine client 0.3.2 buffer overflow
Index(es):
- Date
- Thread