Closed
Bug 635159
Opened 14 years ago
Closed 14 years ago
line 111 strcpy rezname 512 / safer strncpy
Categories
(Firefox Build System :: General, defect)
Firefox Build System
General
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: pr3star, Unassigned)
References
()
Details
(Keywords: crash)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0C)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0C)
when i wont to do something like \x90 in the char ... the input name by exploit... the aplication close but process still run... and when i try to do something, firefox do everything what i say after then 0xc0000000 sector.
Reproducible: Sometimes
Steps to Reproduce:
1. try ...(\x90)... in the char rez name ( how much? 514, 518, 524... i try 526)
2. then try assembler code ... read the 0xc0000000 sector, and send to the other were is code
3. write on this sector everything you wont ...
4. then just open firefox second time and you will see... nothing (only write)
Actual Results:
i have funny feelings .... how can i run the cmd or notepad... because notepad can do everything... my problem is only how to get the adm rights...
Expected Results:
software should off... only code will be on
Comment 1•14 years ago
|
||
I don't follow what you are saying?
Do you mean there is a potential exploit?
If so, can you take a look at:
https://developer.mozilla.org/en/Bug_writing_guidelines
...and reply with more/clearer details.
Also, if this is a potential exploit, you really needed to have ticked the hide this bug tickbox...
Priority: P3 → --
Whiteboard: close firefox, start code
Comment 2•14 years ago
|
||
This bug report is not at all clear. Are you actually talking about the source file in the URL field? asencode.cpp doesn't appear to be used by anything, I think it's old left-over source.
-> INCOMPLETE unless you can explain things more clearly.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
Assignee | ||
Updated•6 years ago
|
Component: Build Config → General
Product: Firefox → Firefox Build System
You need to log in
before you can comment on or make changes to this bug.
Description
•