Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS)

From: the Pull (osioniusx@YAHOO.COM)
Date: 04/30/02


Date:         Tue, 30 Apr 2002 14:41:11 -0700
From: the Pull <osioniusx@YAHOO.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM


--- Thor Larholm <Thor@jubii.dk> wrote:
<snip>

> The IRC:// protocol inhibited by Mozilla/NS6 seems
> to have a buffer overrun.
<snip>

> If the input exceeds this limit, Mozilla 1.0 RC1
> crashes with the following
> error:
>
> The exception unknown software exception
> (0xc00000fd) occured in the
> application at location 0x60e42edf
>

Exception xfd is a stack overflow, not a buffer
overflow and tends not to be exploitable in browsers.

> Mozilla 0.9.9 gives a similar exception:
>
> The exception unknown software exception
> (0xc00000fd) occured in the
> application at location 0x60dd2c79.

Again, a stack overflow, not a buffer overflow.

If you actually see that you have control over
anything in memory, it may be exploitable; otherwise
basically it is just that your stack has become
exhausted, e.g., ESP and EBP hit their noses against
each other.

<snip>

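As an added example (not part of the original message and not Mozilla code), the distinction drawn in the reply can be applied as a crash-triage helper: it pulls the exception code and fault location out of Windows crash-dialog text such as the two dialogs quoted above, even when quoted and line-wrapped by a mail client, and maps the code to its NTSTATUS name. The `triage` function, the notes in the `NTSTATUS` table and the third sample dialog are constructed for illustration.

```python
import re

# NTSTATUS codes that show up in "unknown software exception" dialogs.
# Value: (symbolic name, triage note, is the code itself a memory-corruption signal?)
NTSTATUS = {
    0xC00000FD: ("STATUS_STACK_OVERFLOW",
                 "thread stack exhausted; per the reply, a crash unless memory control is shown", False),
    0xC0000409: ("STATUS_STACK_BUFFER_OVERRUN",
                 "fail-fast, e.g. a stack cookie check failed; a stack buffer was overwritten", True),
    0xC0000374: ("STATUS_HEAP_CORRUPTION",
                 "heap manager detected corrupted metadata", True),
}

# Tolerates line wrapping and both spellings ("occured" / "occurred").
DIALOG = re.compile(
    r"exception\s+.*?\(0x([0-9a-f]{8})\)\s+occur+ed\s+in\s+the\s+"
    r"application\s+at\s+location\s+0x([0-9a-f]{8})",
    re.IGNORECASE | re.DOTALL)

def triage(text):
    """Return one dict per crash dialog found in text, in order of appearance."""
    # Drop '>' quote markers so quoted, wrapped dialogs still match.
    cleaned = re.sub(r"^[ \t]*>+ ?", "", text, flags=re.MULTILINE)
    results = []
    for code_hex, addr_hex in DIALOG.findall(cleaned):
        code = int(code_hex, 16)
        name, note, corruption = NTSTATUS.get(
            code, ("UNKNOWN", "code not in this table; look it up", None))
        results.append({"code": code, "name": name, "note": note,
                        "location": int(addr_hex, 16),
                        "corruption_signal": corruption})
    return results

# First two dialogs are the ones quoted in the thread; the third is constructed.
SAMPLE = """\
> The exception unknown software exception
> (0xc00000fd) occured in the
> application at location 0x60e42edf
>
> The exception unknown software exception
> (0xc00000fd) occured in the
> application at location 0x60dd2c79.

The exception unknown software exception (0xc0000409) occurred in the
application at location 0x00401000.
"""

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f"0x{r['code']:08x} {r['name']} at 0x{r['location']:08x}: {r['note']}")
```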