Twenty Year Anniversary

mozilla16win.txt

mozilla16win.txt
Posted Jan 11, 2005
Authored by Luca Ercoli

Mozilla version 1.6 for Windows is susceptible to a denial of service flaw due to a mishandling of xbm graphic files.

tags | advisory, denial of service
systems | windows
MD5 | d1e1070544b4a5d950dfec190cdc11a3

mozilla16win.txt

Change Mirror Download


Package: Mozilla
Auth: http://www.mozilla.org
Vulnerability Type: Remote Denial Of Service
Affected Software: Mozilla ver. 1.6 for Windows
(maybe vulnerable also prior versions)
Not vulnerable: Mozilla for Linux





What's Mozilla:
--------------

Mozilla is a suite of internet applications.
Users can choose which components meet their needs from
Web-browser, E-mail and Newsgroup client, IRC chat client,
and HTML editing.





Vulnerability Description:
-------------------------

Mail client and Web Browser allows the usage of XBM graphic
files and a security flaw in the way softwares handles those
images, allow a malicious user to perform a denial-of-service
attack. The X BitMap data is stored as ASCII data, and
files begin with '#define' statements in substitution
of a header.
Following is an example of a 16x16 XBM bitmap,
named Esempio.xbm:



#define Esempio_width 16
#define Esempio_height 16

static unsigned short Esempio_bits[] = {
0x0000, 0x35ca, 0x3c40, 0x0000, 0x7810, 0x0000, 0xe009, 0x0000,
0xc007, 0x05ba, 0x4ff6, 0x201e, 0xa08e, 0x0d3c, 0x02ad,
0x35ca};



Opening file, Mozilla read width and height values from '#define'
statement and try to allocate enought memory to display image.
Defining high values to width and height parameters would
cause the application to crash.
This vulnerability can be exploited by sending an e-mail containing
a specially crafted image, or tricking a user on a malicious website.





Proof of Concept:
----------------

A proof of concept is aviable at this address:

http://www.geocities.com/xbm_bug/index.html









Credits:

--
Luca Ercoli <luca.ercoli [at] inwind.it>

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close