firefox also vulnerable???

[hekkie]

try this -->

"A proof of concept page is available at computerterrorism.com to convince yourself that this does, indeed, work."
http://www.security.ithub.com/article/U ... 164_1.aspx
http://www.computerterrorism.com/research/ie/poc.htm

[Thumper]

Maybe if you'd bothered trying it yourself instead of running in here shouting about it, you'd see it isn't. Jeez.

- Chris

[hekkie]

Maybe if you'd bothered trying it yourself instead of running in here shouting about it, you'd see it isn't. Jeez.

- Chris

i have tried it with FF on linux and when javascript is enabled it crashed...so...i dont want to 'shout' about it...the article goes about an IE flaw...i was only asking if it also was crashing on somebody else using FF.

[rayo]

i was only asking if it also was crashing on somebody else using FF.

Well it crashed mine, using W2K. Had to reboot to start it up again.

[bollix47]

Crashes here too on Windows XP - did not have to reboot ... only Fx crashed

This is already in bugzilla

https://bugzilla.mozilla.org/show_bug.cgi?id=317334

[Thumper]

The exploit is arbitrary code execution, not "crashing". People should really be banned from reading security advisories without a note from their doctor.

- Chris

[bollix47]

Sorry Chris but when I get a window popping up that says "Firefox failing to respond..." and my only option is to "End Now" then I call it a crash. If my definition is incorrect so be it.

[KillingTime]

I think you missed the point, Bollix47. The exploit is supposed to allow an attacker to execute arbitrary code on your PC, but in the case of Firefox all it does is cause a crash. Crashing may be far from ideal behaviour, but it beats the hell out of allowing malicious code to be run!

[Spaceman-Spiff]

Bumping old topic here...

The page still crashes latest FF release (1.5 RC3). Though the exploit doesn't in FF, the buffer overflow exploit still manages to crash the browser, which is still a bad thing. Some malicious person can just use this to crash FF browsers.

The website doesn't do anything in Opera, it doesn't even crash Opera.

[Thumper]

We know. It'll get fixed at some point. This kind of crash isn't considered a priority, because as it isn't exploitable such sites don't exist in the wild.

- Chris

[stevelam]

We know. It'll get fixed at some point. This kind of crash isn't considered a priority, because as it isn't exploitable such sites don't exist in the wild.

- Chris

It is now

http://www.theregister.co.uk/2005/12/01 ... it_trojan/

[trparky]

Nevermind, wrong thread.

[scratch]

We know. It'll get fixed at some point. This kind of crash isn't considered a priority, because as it isn't exploitable such sites don't exist in the wild.

- Chris

It is now

http://www.theregister.co.uk/2005/12/01 ... it_trojan/

yes, but you are unable to EXPLOIT anything with it in firefox.

oh noes, it crashes my browser! big deal.

[GTK66]

Maybe if you'd bothered trying it yourself instead of running in here shouting about it, you'd see it isn't. Jeez.

- Chris

i have tried it with FF on linux and when javascript is enabled it crashed...so...i dont want to 'shout' about it...the article goes about an IE flaw...i was only asking if it also was crashing on somebody else using FF.

It does NOT crash my Firefox 1.5 with javascript enabled.

[old zmanzero]

seen the "terrorism". i have "noscript". i am immune to links posted in these forums. this is a weenie subject. just a weenie thing. out of all the postings i have observed concerning this subject they belong in the weenie barrel. with the pickels. post a link that will crash me and let's see what this is all about. i dare you. anyone.