[Dailydave] Firefox bugs
Thor Larholm
thor at polypath.com
Tue Oct 3 17:00:06 Local tim 2006
Their PoC, both the one in their slides and the full PoC, is nothing
more than an out-of-memory crash, of which Firefox already has plenty.
They were still struggling to write a working exploit days after the
presentation, even though they claimed to have just that during the
presentation.
Long story short, the bug is just a bug - not a vulnerability.
Regards
Thor Larholm
Dave Aitel wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>For those of you under a rock, there's a new firefox bug:
>http://developer.mozilla.org/devnews/
>
>I read somewhere that the PoC was posted to the web, but I can't find
>it anywhere.
>
>For those of you who watched the HP testimony on cspan.org, you may
>have noticed that ReadNotify was used in a prior DD posting. DD goes
>out to maybe 2500 people last time I checked...and I got under a
>hundred readnotify responses. This corresponds with my last use of web
>bugs against someone trying to blackmail one of my clients. It just
>didn't work. This was the one big tool in the FBI/NYPD's toolbox, and
>it's been broken during the fight against spammers. We had to do a
>statistical analysis of all the web page accesses to get close.
>
>Anyways, our congresscritters think that SPYWARE==WEB BUG. And it's
>not true. Someone needs to call them and explain it slowly.
>
>- -dave
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.2.1 (Cygwin)
>
>iD8DBQFFIpLEtehAhL0gheoRAiDNAJsGEs7d3I4yNNuBWzmehQ2Eb3kLDwCeNIqO
>QEM6Hw9878MM59bzFVpJUQs=
>=iwXJ
>-----END PGP SIGNATURE-----
>