[Full-Disclosure] Firefox 0.92 DoS via TinyBMP
st3ng4h at comcast.net
Mon Jul 12 14:25:30 BST 2004
On Mon, Jul 12, 2004 at 01:23:39PM +0200, thE_iNviNciblE wrote:
> there is a security vulnerability in Firebox 0.92 (latest Version)
> this link causes that your virutal memory will be rise up 1,2 GB used
> maybe Thunderbird 0.72 is also vulnerable via HTML.
Are you certain this is a vuln in Firefox?
On W2K SP4 fully patched: I can verify that opening that page in
Firefox 0.9.2 causes VM to balloon.
However, I get almost identical results opening the same page in IE
6sp1, and can cause excessive VM consumption by opening little.bmp
referenced in your page in MS Paint.
Full-Disclosure is hosted and sponsored by Secunia.