Computer Security - iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
#1

FIX: UPGRADE FIREFOX 1.01 posted at Firefox site.

http://www.idefense.com/application/...status=false

The article indicates there are no currently known workarounds.

Thought folks here would find this interesting.

CAN-2005-0255

http://cve.mitre.org/cgi-bin/cvename...=CAN-2005-0255

Mozilla indicates the likelihood of a working exploit is minimal:

http://www.mozilla.org/security/anno...sa2005-18.html

Mozilla indicates version 1.01 is not vulnerable.

I thought folks might be interested. I would upgrade; while I understand the complexity of the exploit (i.e. injecting code at the fail point when memory heap is exhausted), a failed attempt would crash the browser. I would prefer my browser, or anything else, doesn't crash. I wouldn't be surprised to see the bad guys crash the browser just to be rude to those refusing their play toys.

Winged
#2

winged wrote:
> FIX: UPGRADE FIREFOX 1.01 posted at Firefox site.
>
> http://www.idefense.com/application/...status=false
>
> The article indicates there are no currently known workarounds.
>
> Thought folks here would find this interesting.
>
> CAN-2005-0255
>
> http://cve.mitre.org/cgi-bin/cvename...=CAN-2005-0255
>
> Mozilla indicates the likelihood of a working exploit is minimal:
>
> http://www.mozilla.org/security/anno...sa2005-18.html
>
> Mozilla indicates version 1.01 is not vulnerable.
>
> I thought folks might be interested. I would upgrade; while I understand the complexity of the exploit (i.e. injecting code at the fail point when memory heap is exhausted), a failed attempt would crash the browser. I would prefer my browser, or anything else, doesn't crash. I wouldn't be surprised to see the bad guys crash the browser just to be rude to those refusing their play toys.
>
> Winged

Was doing some research on the individual (Daniel de Wildt) who surfaced this exploit and saw he had identified several others. (Just checking to see if he was related to Microsoft, would have made a nice conspiracy theory), but alas he has surfaced several MS exploits too. Someone get this guy a passport and a job, he would be useful! He is involved in much more than researching exploits, a true nerd. Of course it sounds like he has a very full plate. An interesting person. Great Google excursion.

Winged