Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS)

From: the Pull (osioniusx@YAHOO.COM)
Date: 04/30/02


Date:         Tue, 30 Apr 2002 14:41:11 -0700
From: the Pull <osioniusx@YAHOO.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM


--- Thor Larholm <Thor@jubii.dk> wrote:
<snip>

> The IRC:// protocol inhibited by Mozilla/NS6 seems
> to have a buffer overrun.
<snip>

> If the input exceeds this limit, Mozilla 1.0 RC1
> crashes with the following
> error:
>
> The exception unknown software exception
> (0xc00000fd) occured in the
> application at location 0x60e42edf
>

Exception xfd is a stack overflow, not a buffer
overflow and tends not to be exploitable in browsers.

> Mozilla 0.9.9 gives a similar exception:
>
> The exception unknown software exception
> (0xc00000fd) occured in the
> application at location 0x60dd2c79.

Again, a stack overflow, not a buffer overflow.

If you actually see that you have control over
anything in memory, it may be exploitable; otherwise
basically it is just that your stack has become
exhausted, e.g., ESP and EBP hit their noses against
each other.

<snip>
