Network Security: Detailed info on Re : [Firefox Bug 302187] New: Shared section vulnerability when opening

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

Subject:	Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS
Date:	27 Jul 2005 09:28:16 -0000

Subject:

Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS

Date:

27 Jul 2005 09:28:16 -0000

Hello, More details about the potentiel vulnerability : Firefox is just starting a new process in the standard way, using CreateProcess (see <http://lxr.mozilla.org/seamonkey/source/nsprpub/pr/src/md/windows/ntmisc.c#391>). Firefox is already passing NULL to lpProcessAttributes and lpThreadAttributes, so it is using the "default" security descriptor. That might be the way that IE is using, by using a modified descriptor. Windows is the issue if the default behaviour provokes this error. But firefox in this case can't really be blamed for this problem, every applicition that launches another one will need to be fixed. Regards, Sylvain ROGER Security Consultant http://www.solucom.fr

<Prev in Thread]	Current Thread	[Next in Thread>
Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS, sylvain . roger <= Re: Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS, sylvain . roger

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec, FreeBSD Security Advisories
Next by Date:	Re: RE: Peter Gutmann data deletion theaory?, Ron van Daal
Previous by Thread:	FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec, FreeBSD Security Advisories
Next by Thread:	Re: Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS, sylvain . roger
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec, FreeBSD Security Advisories

Next by Date:

Re: RE: Peter Gutmann data deletion theaory?, Ron van Daal

Previous by Thread:

FreeBSD Security Advisory FreeBSD-SA-05:19.ipsec, FreeBSD Security Advisories

Next by Thread:

Re: Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS, sylvain . roger

Indexes:

[Date] [Thread] [Top] [All Lists]