Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit
- To: <berendjanwever@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>, <security@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit
- From: "Paul" <pvnick@xxxxxxxxx>
- Date: Sun, 11 Sep 2005 02:52:05 -0400
Skylined, is there anything that you can't exploit? ;-)
On a side note, an article quoting Ferris saying that "Microsoft takes too long
to patch stuff so that's why I'm going public" recently was slashdotted
(regarding a vulnerability he found in Internet Explorer). Now he goes public
with this thing. Does he think that Mozilla and Microsoft have the lengthy
patch process in common, or is he just being hypocritical, something that I
have found to be quite common among anti-MS zealots.
Paul
Formerly of Greyhats Security
http://greyhatsecurity.org
----- Original Message -----
From: Berend-Jan Wever
To: full-disclosure@xxxxxxxxxxxxxxxxx ; bugtraq@xxxxxxxxxxxxxxxxx ;
security@xxxxxxxxxxx
Sent: Saturday, September 10, 2005 6:52 AM
Subject: [Full-disclosure] Mozilla Firefox "Host:" Buffer Overflow Exploit
(Just a little heads up, no details or PoC attached)
The security vulnerability in Mozilla Firefox reported by Tom Ferris is
exploitable on Windows.
I developed a working exploit that seems to be 100% stable, though I've only
tested it on one system.
The exploit will not be released publicly until patches are out.
On a side note: it took only about 3 hours and 30 minutes to develop the
exploit, so I might not be the only one able to write it.
Cheers,
SkyLined
--
Berend-Jan Wever <berendjanwever@xxxxxxxxx>
http://www.edup.tudelft.nl/~bjwever
------------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/