iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruptio

Discussion in 'Computer Security' started by winged, Mar 2, 2005.

  1. winged

    winged Guest

    FIX: UPGRADE FIREFOX 1.01 posted at firefox site.

    http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities&flashstatus=false

    The article indicates there are no currently known workarounds.

    Thought folks here would find this interesting.

    CAN-2005-0255

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255

    Mozilla indicates the likelihood of a working exploit is minimal:

    http://www.mozilla.org/security/announce/mfsa2005-18.html

    Mozilla indicates version 1.01 is not vulnerable.

    I thought folks might be interested. I would upgrade; while I
    understand the complexity of the exploit (i.e. injecting code at the fail
    point when memory heap is exhausted), a failed attempt would crash the
    browser. I would prefer my browser, or anything else, doesn't crash. I
    wouldn't be surprised to see the bad guys crash the browser just to be
    rude to those refusing their play toys.

    Winged
    winged, Mar 2, 2005
    #1

  2. winged

    winged Guest

    Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla

    winged wrote:
    > FIX: UPGRADE FIREFOX 1.01 posted at firefox site.
    >
    > http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities&flashstatus=false
    >
    >
    > The article indicates there are no currently known workarounds.
    >
    > Thought folks here would find this interesting.
    >
    > CAN-2005-0255
    >
    > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255
    >
    > Mozilla indicates the likelihood of a working exploit is minimal:
    >
    > http://www.mozilla.org/security/announce/mfsa2005-18.html
    >
    > Mozilla indicates version 1.01 is not vulnerable.
    >
    > I thought folks might be interested. I would upgrade; while I
    > understand the complexity of the exploit (i.e. injecting code at the fail
    > point when memory heap is exhausted), a failed attempt would crash the
    > browser. I would prefer my browser, or anything else, doesn't crash. I
    > wouldn't be surprised to see the bad guys crash the browser just to be
    > rude to those refusing their play toys.
    >
    > Winged


    Was doing some research on the individual (Daniel de Wildt) who surfaced
    this exploit and saw he had identified several others. (Just checking to
    see if he was related to Microsoft, would have made a nice conspiracy
    theory), but alas he has surfaced several MS exploits too. Someone get
    this guy a passport and a job, he would be useful! He is involved in
    much more than researching exploits, a true nerd. Of course it sounds
    like he has a very full plate. An interesting person. Great Google
    excursion.

    Winged
    winged, Mar 2, 2005
    #2