Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla

From: winged (winged_at_nofollow.com)
Date: 03/02/05


Date: 01 Mar 2005 20:56:39 EST

winged wrote:
> FIX: UPGRADE FIREFOX 1.01 posted at firefox site.
>
> http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities&flashstatus=false
>
>
> The article indicates there are no currently known workarounds.
>
> Thought folks here would find this interesting.
>
> CAN-2005-0255
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255
>
> Mozilla indicates the likelihood of a working exploit is minimal:
>
> http://www.mozilla.org/security/announce/mfsa2005-18.html
>
> Mozilla indicates version 1.01 is not vulnerable.
>
> I thought folks might be interested. I would upgrade, while I
> understand the complexity of the exploit (i.e. injecting code at the fail
> point when memory heap is exhausted) a failed attempt would crash the
> browser. I would prefer my browser, or anything else, don't crash. I
> wouldn't be surprised to see the bad guys crash the browser just to be
> rude to those refusing their play toys.
>
> Winged

Was doing some research on the individual (Daniel de Wildt) who surfaced
this exploit and saw he had identified several others. (Just checking to
see if he was related to Microsoft, would have made a nice conspiracy
theory), but alas he has surfaced several MS exploits too. Someone get
this guy a passport and a job, he would be useful! He is involved in
much more than researching exploits, a true nerd. Of course it sounds
like he has a very full plate. An interesting person. Great Google
excursion.

Winged


