Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Date: Mon Jul 12 2004 - 17:35:10 EDT
On Monday 12 July 2004 20:52, st3ng4h wrote:
> On Mon, Jul 12, 2004 at 07:14:02PM +0200, David Huecking wrote:
> > Hmm, very funny modified BMPs?!
>
> [snip]
>
> > So we see the true nature of this picture.
>
> This is precisely the point that almost everyone is missing
> completely (but still clamoring "it works on X, it doesn't work on
> Y"), and that Sapheriel pinpointed: the core problem lies in the
> Windows .bmp implementation.
Well, _if_ it does. What is actually happening is that you load a graphic
with a massive resolution. Linking to a page with a 4400 MB jpeg isn't
exactly what I'd call a DoS, but the effect sure looks like it though ;-)
However... maybe I was jumping to conclusions too quick...
Since, for the record, Mozilla on linux doesn't suffer anything.
Or so it seems.
Maarten
-- Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.htmlReceived on Mon Jul 12 19:30:45 2004
This archive was generated by hypermail 2.1.8 : Mon Jul 12 2004 - 20:02:54 EDT
