There was some confusion as to whether this bug
(https://bugzilla.mozilla.org/show_bug.cgi?id=307259 in bugzilla) was
similar or identical to https://bugzilla.mozilla.org/show_bug.cgi?id=267669.
David Baron of Mozilla is saying (I think - see
Skylined, is there anything that you can't
exploit? ;-)
On a side note, an article quoting Ferris saying
that "Microsoft takes too long to patch stuff so that's why I'm going public"
recently was slashdotted (regarding a vulnerability he found in Internet
Explorer). Now he goes public with
Hi Skylined,
Thanks for the heads up.
Yes, certainly this is/was remotely exploitable. The good part is, that the
Mozilla Team has released a workaround/security patch to fix this issue.
They accomplish this by disabling IDN.
The What Firefox and Mozilla users should know about the IDN
On Sun, Sep 11, 2005 at 11:08:32PM +0300, Georgi Guninski wrote:
the most common examples of MS who^H^H^H zealots are:
1. MS is giving me money, so billg is good
2. i can't do anything except winblows, so i have winblows dependency.
no MS, no money, no love
... and then there are those
Yeah right.. and you decide to publicly disclose IE vulnerabilities before they getpatched, but not FireFox vulnerabilities for the good health of FF users, and not for the 500$ (for each not publicly disclosed vulnerability) from theMozilla foundation.
(the most common examples of MS who^H^H^H zealots are:
1. MS is giving me money, so billg is good)
must be Paul's grey hat continues to get whiter by the day , i thought
it was just because his mom never taught him not to bleach dark
clothes.
-illwill
Berend-Jan Wever napisaĆ(a):
The security vulnerability in Mozilla FireFox reported by Tom Ferris is
exploitable on Windows.
It's also easly exploitable on Linux -- no problems with jumping to arbitrary
address:
(gdb) x/i $eip
0x867926c _ZN16nsTypedSelection5ClearEP14nsIPresContext+2236: