[Full-disclosure] Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file
Robert Wesley McGrew
wesley at mcgrewsecurity.com
Tue May 1 14:08:16 BST 2007
On 5/1/07, carl hardwick <hardwick.carl at gmail.com> wrote:
> Product: Firefox 2.0.0.3
> Description: Out-of-bounds memory access via specialy crafted html file
> Type: Remote
>
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
>
> Proof Of Concept exploit:
> http://www.critical.lt/research/opera_die_happy.html
This doesn't work in Firefox 2.0.0.3 in Ubuntu 7.04. This sounds like
it might be another case of mistaken identity with the heap overflow
vulnerability in Nvidia blob drivers for Linux, as this was one way to
exploit it.
--
Robert Wesley McGrew
http://mcgrewsecurity.com
Full-Disclosure is hosted and sponsored by Secunia.