Twenty Year Anniversary

mozilla16win.txt

mozilla16win.txt
Posted Jan 11, 2005
Authored by Luca Ercoli

Mozilla version 1.6 for Windows is susceptible to a denial of service flaw due to a mishandling of xbm graphic files.

tags | advisory, denial of service
systems | windows
MD5 | d1e1070544b4a5d950dfec190cdc11a3

mozilla16win.txt

Change Mirror Download


Package: Mozilla
Auth: http://www.mozilla.org
Vulnerability Type: Remote Denial Of Service
Affected Software: Mozilla ver. 1.6 for Windows
(maybe vulnerable also prior versions)
Not vulnerable: Mozilla for Linux





What's Mozilla:
--------------

Mozilla is a suite of internet applications.
Users can choose which components meet their needs from
Web-browser, E-mail and Newsgroup client, IRC chat client,
and HTML editing.





Vulnerability Description:
-------------------------

Mail client and Web Browser allows the usage of XBM graphic
files and a security flaw in the way softwares handles those
images, allow a malicious user to perform a denial-of-service
attack. The X BitMap data is stored as ASCII data, and
files begin with '#define' statements in substitution
of a header.
Following is an example of a 16x16 XBM bitmap,
named Esempio.xbm:



#define Esempio_width 16
#define Esempio_height 16

static unsigned short Esempio_bits[] = {
0x0000, 0x35ca, 0x3c40, 0x0000, 0x7810, 0x0000, 0xe009, 0x0000,
0xc007, 0x05ba, 0x4ff6, 0x201e, 0xa08e, 0x0d3c, 0x02ad,
0x35ca};



Opening file, Mozilla read width and height values from '#define'
statement and try to allocate enought memory to display image.
Defining high values to width and height parameters would
cause the application to crash.
This vulnerability can be exploited by sending an e-mail containing
a specially crafted image, or tricking a user on a malicious website.





Proof of Concept:
----------------

A proof of concept is aviable at this address:

http://www.geocities.com/xbm_bug/index.html









Credits:

--
Luca Ercoli <luca.ercoli [at] inwind.it>

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    4 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close