Closed
Bug 163588
Opened 22 years ago
Closed 22 years ago
buffer overflow in Chatzilla
Categories
(Other Applications :: ChatZilla, defect)
Tracking
(Not tracked)
People
(Reporter: trevor, Assigned: rginda)
Details
On Bugtraq, Thor Larholm <Thor@jubii.dk> reported:

The IRC:// protocol inhibited by Mozilla/NS6 seems to have a buffer overrun. A typical IRC URL could look like this:

IRC://IRC.YOUR.TLD/#YOURCHANNEL

The #YOURCHANNEL part is copied to a buffer that has a limit of 32K. If the input exceeds this limit, Mozilla 1.0 RC1 crashes with the following error:

The exception unknown software exception (0xc00000fd) occured in the application at location 0x60e42edf

At http://jscript.dk/2002/4/moz1rc1tests/ircbufferoverrun.html he has provided a Web page which demonstrates the bug. It does not always work for me, but I wrote a demonstration page according to his instructions which gives more consistent results: http://jpj.net/~trevor/chatzilla.html .

Not installing the Chatzilla component is an effective workaround, as is removing the chatzilla.jar archive after installation.
Assignee
Comment 1•22 years ago
This is not a buffer overrun, but a blown stack performing a regexp match against a very large string. Not exploitable. There is a dupe of this out there, possibly left open to remind me to not match against large strings, or possibly marked INVALID, I forget.
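Comment 1 attributes the crash to a regexp match against a very large string. As an added example (not ChatZilla's code; the function names, length limits and pattern are assumptions), this JavaScript parser rejects an oversized irc:// URL before any regexp touches it:

```javascript
// Added example; names, limits and pattern are assumptions, not ChatZilla code.
const MAX_URL_LENGTH = 2048;    // assumed cap for the whole URL
const MAX_TARGET_LENGTH = 200;  // assumed cap for the channel/target part
const DEFAULT_PORT = 6667;      // conventional plaintext IRC port

// Simple anchored pattern with no nested quantifiers.
const IRC_URL = /^irc:\/\/([a-z0-9.-]+)(?::(\d{1,5}))?\/([^\s,]*)$/i;

function reject(reason) {
  return { ok: false, reason };
}

function parseIrcUrl(url) {
  if (typeof url !== "string") return reject("not-a-string");
  // Length is checked before any regexp runs, so the matcher only sees bounded input.
  if (url.length > MAX_URL_LENGTH) return reject("url-too-long");

  const m = IRC_URL.exec(url);
  if (!m) return reject("malformed");
  const [, host, portText, rawTarget] = m;

  const port = portText ? Number(portText) : DEFAULT_PORT;
  if (port < 1 || port > 65535) return reject("bad-port");

  let target;
  try {
    target = decodeURIComponent(rawTarget);
  } catch {
    return reject("malformed"); // invalid percent-encoding
  }
  // The decoded target gets its own, tighter limit.
  if (target.length > MAX_TARGET_LENGTH) return reject("target-too-long");

  return { ok: true, host: host.toLowerCase(), port, target };
}

// Sample inputs: the first is the URL shape from the report, the rest are constructed.
function demo() {
  const samples = [
    "IRC://IRC.YOUR.TLD/#YOURCHANNEL",
    "irc://irc.example.net:70000/#chan",
    "irc://irc.example.net/#" + "a".repeat(300),
    "irc://irc.example.net/#" + "a".repeat(40000),
  ];
  return samples.map((s) => parseIrcUrl(s).reason || "ok");
}
console.log(demo());
```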
Comment 2•22 years ago
*** This bug has been marked as a duplicate of 94448 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
Product: Core → Other Applications