Document Title: =============== Mozilla Firefox v52.02 - (Stack Overflow) DoS Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2050 Release Date: ============= 2017-05-04 Vulnerability Laboratory ID (VL-ID): ==================================== 2050 Common Vulnerability Scoring System: ==================================== 3 Vulnerability Class: ==================== Denial of Service Product & Service Introduction: =============================== The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features. (Copy of the Vendor Homepage: https://www.torproject.org/about/overview) Abstract Advisory Information: ============================== The vulnerability laboratory core research team discovered a null pointer denial of service vulnerability in the Mozilla Firefox v52.02 & Tor Browser v6.5.1 for microsoft windows. Vulnerability Disclosure Timeline: ================================== 2017-04-09: Researcher Notification & Coordination (SaifAllah benMassaoud) 2017-04-10: Vendor Notification (Mozilla Security Team) 2017-04-12: Vendor Response/Feedback (Mozilla Security Team) 2017-**-**: Vendor Fix/Patch (Mozilla Service Developer Team) 2017-05-04: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Tor Project Product: Tor Browser - Software (Mozilla Firefox Engine) 6.5.1 Exploitation Technique: ======================= Local Severity Level: =============== Medium Technical Details & Description: ================================ A null pointer vulnerability has been discovered in the Mozilla Firefox v52.02 & Tor Browser v6.5.1 for microsoft windows. The vulnerability allows to crash the software application with an unexpected error exception. The software vulnerability is located in the xml document parser of the firefox engine in the tor browser. The issue could corrupt memory in such a way that remote attackers could crash affected versions permanently. The crash occurs because of a provoked non-exploitable stack overflow issue. The issue is in connection to the design and template. The security risk of the vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.0. Exploitation of the denial of service web vulnerability requires low interaction and no privilege system user account. Successful exploitation of the application web vulnerability results in permanent application crashs or stable process shutdown. Affected Version(s): [+] Mozilla Firefox v52.02 [+] Stable Tor Browser - Microsoft Windows (6.5.1) 32/64-bit (sig) [+] Experimental Tor Browser - Microsoft Windows (7.0a2) 32/64-bits (sig) Proof of Concept (PoC): ======================= The remote point vulnerability can be exploited by remote attackers without privilege application user account and with low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. PoC: Exploit https://www.vulnerability-lab.com/resources/documents/poc_2015.rar --- Debug Error Exception Log --- (c68.161c): Stack overflow - code c00000fd eax=00000001 ebx=23a7ab68 ecx=23a7ab68 edx=00000000 esi=23a7a938 edi=00000000 eip=02a0a811 esp=00202fb0 ebp=00000001 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210202 *** WARNING: Unable to verify timestamp for C:UsersdellDesktopTor BrowserBrowserxul.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:UsersdellDesktopTor BrowserBrowserxul.dll - xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcd673: 02a0a811 89442438 mov dword ptr [esp+38h],eax ss:0023:00202fe8=00000000 --- Debug Logs [Exception Analysis] --- FAULTING_IP: xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+cda4f 02a0abed 83ec08 sub esp,8 - EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff) ExceptionAddress: 02a0a811 (xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0x000cd673) ExceptionCode: c00000fd (Stack overflow) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000001 Parameter[1]: 00202fe8 FAULTING_THREAD: 0000161c BUGCHECK_STR: c00000fd PROCESS_NAME: image01350000 MODULE_NAME: xul FAULTING_MODULE: 77210000 ntdll DEBUG_FLR_IMAGE_TIMESTAMP: 0 ERROR_CODE: (NTSTATUS) 0xc00000fd - A new guard page for the stack cannot be created. DEFAULT_BUCKET_ID: WRONG_SYMBOLS RECURRING_STACK: From frames 0x1 to 0x1 LAST_CONTROL_TRANSFER: from 02a0abed to 02a0a811 - STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. 00203018 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcd673 00203088 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002030f8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203168 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002031d8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203248 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002032b8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203328 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203398 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203408 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203478 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002034e8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203558 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002035c8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203638 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002036a8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203718 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203788 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002037f8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203868 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002038d8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203948 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002039b8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203a28 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203a98 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203b08 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203b78 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203be8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203c58 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203cc8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203d38 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203da8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203e18 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203e88 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203ef8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203f68 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00203fd8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204048 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002040b8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204128 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204198 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204208 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204278 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002042e8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204358 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002043c8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204438 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002044a8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204518 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204588 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002045f8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204668 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002046d8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204748 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002047b8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204828 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204898 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204908 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204978 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 002049e8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204a58 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204ac8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204b38 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204ba8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204c18 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204c88 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204cf8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204d68 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204dd8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204e48 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204eb8 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204f28 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00204f98 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00205008 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f 00205078 02a0abed 00000001 00000000 00000000 xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+0xcda4f - FOLLOWUP_IP: xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+cda4f 02a0abed 83ec08 sub esp,8 SYMBOL_STACK_INDEX: 1 SYMBOL_NAME: xul!ZN9imgLoader24SupportImageWithMimeTypeEPKc17AcceptedMimeTypes+cda4f FOLLOWUP_NAME: MachineOwner IMAGE_NAME: xul.dll STACK_COMMAND: ~0s ; kb BUCKET_ID: WRONG_SYMBOLS Followup: MachineOwner --------- 0:000> lmvm xul start end module name 01fb0000 063cd000 xul T (export symbols) C:UsersdellDesktopTor BrowserBrowserxul.dll Loaded symbol image file: C:UsersdellDesktopTor BrowserBrowserxul.dll Image path: C:UsersdellDesktopTor BrowserBrowserxul.dll Image name: xul.dll Timestamp: unavailable (00000000) CheckSum: 043E4461 ImageSize: 0441D000 File version: 45.8.0.6241 Product version: 45.8.0.6241 File flags: 8 (Mask 3F) Private File OS: 4 Unknown Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0000.04b0 CompanyName: Mozilla Foundation ProductName: Tor Browser InternalName: OriginalFilename: xul.dll ProductVersion: 45.8.0 FileVersion: 45.8.0 FileDescription: LegalCopyright: License: MPL 2 LegalTrademarks: Mozilla Comments: 0:000> lmvm ntdll start end module name 77210000 7734c000 ntdll (export symbols) C:WindowsSYSTEM32ntdll.dll Loaded symbol image file: C:WindowsSYSTEM32ntdll.dll Image path: ntdll.dll Image name: ntdll.dll Timestamp: Mon Jul 13 18:09:47 2009 (4A5BDADB) CheckSum: 0014033F ImageSize: 0013C000 File version: 6.1.7600.16385 Product version: 6.1.7600.16385 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: MicrosoftA(r) WindowsA(r) Operating System InternalName: ntdll.dll OriginalFilename: ntdll.dll ProductVersion: 6.1.7600.16385 FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) FileDescription: NT Layer DLL LegalCopyright: A(c) Microsoft Corporation. All rights reserved. --- Erro Report Log --- Version=1 EventType=APPCRASH EventTime=131359951583902806 ReportType=2 Consent=1 ReportIdentifier=517d3ecb-1b21-11e7-ab35-005056c00008 IntegratorReportIdentifier=517d3eca-1b21-11e7-ab35-005056c00008 Response.type=4 Sig[0].Name=Application Name Sig[0].Value=firefox.exe Sig[1].Name=Application Version Sig[1].Value=45.8.0.6241 Sig[2].Name=Application Timestamp Sig[2].Value=00000000 Sig[3].Name=Fault Module Name Sig[3].Value=xul.dll Sig[4].Name=Fault Module Version Sig[4].Value=45.8.0.6241 Sig[5].Name=Fault Module Timestamp Sig[5].Value=00000000 Sig[6].Name=Exception Code Sig[6].Value=c00000fd Sig[7].Name=Exception Offset Sig[7].Value=00a5a819 DynamicSig[1].Name=OS Version DynamicSig[1].Value=6.1.7600.2.0.0.256.1 DynamicSig[2].Name=Locale ID DynamicSig[2].Value=1033 DynamicSig[22].Name=Additional Information 1 DynamicSig[22].Value=e5b7 DynamicSig[23].Name=Additional Information 2 DynamicSig[23].Value=e5b7e7b1ec7347f7a70dede1494dfb88 DynamicSig[24].Name=Additional Information 3 DynamicSig[24].Value=70b7 DynamicSig[25].Name=Additional Information 4 DynamicSig[25].Value=70b79d596cf0335109475db3ac4baee8 UI[2]=C:UsersdellDesktopTor BrowserBrowserfirefox.exe UI[3]=Tor Browser has stopped working UI[4]=Windows can check online for a solution to the problem. UI[5]=Check online for a solution and close the program UI[6]=Check online for a solution later and close the program UI[7]=Close the program LoadedModule[0]=C:UsersdellDesktopTor BrowserBrowserfirefox.exe ... ... ... LoadedModule[95]=C:Windowssystem32ntmarta.dll LoadedModule[96]=C:Windowssystem32WLDAP32.dll FriendlyEventName=Stopped working ConsentKey=APPCRASH AppName=Tor Browser AppPath=C:UsersdellDesktopTor BrowserBrowserfirefox.exe --- Event Logs Application Crash --- Problem Event Name: APPCRASH Application Name: firefox.exe Application Version: 45.8.0.6241 Application Timestamp: 00000000 Fault Module Name: xul.dll Fault Module Version: 45.8.0.6241 Fault Module Timestamp: 00000000 Exception Code: c00000fd Exception Offset: 00a5a811 OS Version: 6.1.7600.2.0.0.256.1 Locale ID: 1033 Additional Information 1: a460 Additional Information 2: a4607e0fb6d61108ec72f324260bba98 Additional Information 3: 82d2 Additional Information 4: 82d2460400e752ab0685a263d9ca571b Security Risk: ============== The security risk of the local point issue and denial of service vulnerability in the tor software is estimated as medium. (CVSS 3.0) Credits & Authors: ================== Vulnerability Laboratory [Research Team] - SaifAllah benMassaoud (https://twitter.com/benmassaou) - (http://www.vulnerability-lab.com/show.php?user=SaifAllahbenMassaoud ) Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental or consequential damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories or vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals. We do not publish trade researcher mails, phone numbers, conversations or anything else to journalists, investigative authorities or private individuals. Domains: www.vulnerability-lab.com - www.vulnerability-db.com - www.evolution-sec.com Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register.php Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Social: twitter.com/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get an ask permission. Copyright A(c) 2017 | Vulnerability Laboratory - [Evolution Security GmbH]aC/ -- VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com