Dailydave mailing list archives
Re: Firefox bugs
From: security curmudgeon <jericho () attrition org>
Date: Tue, 3 Oct 2006 13:16:58 -0400 (EDT)
http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon

On Tue, 3 Oct 2006, Dave Aitel wrote:

: Didn't you post on your weblog some stuff about Chrome: being buggy?
: It's completely believable to have a chrome: context issue in Firefox.
: I recall you said something about iterators, but I don't have a
: Mozilla developer account so I can't look at the diff.
:
: Are the slides/full PoC available publicly?
: -dave
:
: Thor Larholm wrote:
: > Their PoC, both the one in their slides and the full PoC, is
: > nothing more than an out-of-memory crash, of which Firefox already
: > has plenty. They were still struggling to write a working exploit
: > days after the presentation, even though they claimed to have just
: > that during the presentation.
: >
: > Long story short, the bug is just a bug - not a vulnerability.
: >
: > Regards Thor Larholm
: >
: > Dave Aitel wrote:
: >
: > For those of you under a rock, there's a new firefox bug:
: > http://developer.mozilla.org/devnews/
: >
: > I read somewhere that the PoC was posted to the web, but I can't
: > find it anywhere.
: >
: > For those of you who watched the HP testimony on cspan.org, you may
: > have noticed that ReadNotify was used in a prior DD posting. DD
: > goes out to maybe 2500 people last time I checked...and I got under
: > a hundred readnotify responses. This corresponds with my last use
: > of web bugs against someone trying to blackmail one of my clients.
: > It just didn't work. This was the one big tool in the FBI/NYPD's
: > toolbox, and it's been broken during the fight against spammers. We
: > had to do a statistical analysis of all the web page accesses to
: > get close.
: >
: > Anyways, our congresscritters think that SPYWARE==WEB BUG. And it's
: > not true. Someone needs to call them and explain it slowly.
: >
: > -dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Firefox bugs Dave Aitel (Oct 03)
- Re: Firefox bugs Thor Larholm (Oct 03)
- Re: Firefox bugs Dave Aitel (Oct 03)
- Re: Firefox bugs security curmudgeon (Oct 03)
- Re: Firefox bugs Dave Aitel (Oct 03)
- Re: Firefox bugs H D Moore (Oct 03)
- Re: Firefox bugs Dave Aitel (Oct 03)
- Re: Firefox bugs Thor Larholm (Oct 03)
- Re: Firefox bugs Thor Larholm (Oct 03)
- Re: Firefox bugs Matt (Oct 03)
- Re: Firefox bugs Dave Aitel (Oct 03)
- Re: Firefox bugs endrazine (Oct 03)
- Re: Firefox bugs [iRant] Bas Alberts (Oct 03)
- Re: Firefox bugs [iRant] Jared DeMott (Oct 04)
- Re: Firefox bugs Rob Lemos (Oct 04)