This is the static archive of the Massassi Forums. The forums are closed indefinitely. Thanks for all the memories!

Firefox vulnerability
2005-04-04, 3:34 PM #1
/. story

Click here for a demonstration, then click here for the wall of shame. ;)

Basically, it's a memory hole in Gecko's JS engine that lets scripts grab chunks of data out of the browser's memory space.
And when the moment is right, I'm gonna fly a kite.
2005-04-04, 3:46 PM #2
I see that the Mac version of Firefox does the same thing.
SnailIracing:n(500tpostshpereline)pants
-----------------------------@%
2005-04-04, 3:49 PM #3
But there is already a patch for it, yes?
2005-04-04, 3:52 PM #4
Quote:
Originally posted by Lord Kuat
But there is already a patch for it, yes?
Not yet, but it should be too long.
And when the moment is right, I'm gonna fly a kite.
2005-04-04, 3:53 PM #5
Firefox still > IE
This is retarded, and I mean drooling at the mouth
2005-04-04, 3:59 PM #6
Quote:
Originally posted by gbk
Not yet, but it should be too long.


Did you look at this reply:

http://it.slashdot.org/comments.pl?sid=144936&cid=12137600
2005-04-04, 4:03 PM #7
Quote:
Originally posted by Lord Kuat
Did you look at this reply....

Not until now....I guess there is a patch after all... :o
And when the moment is right, I'm gonna fly a kite.
2005-04-04, 4:11 PM #8
Quote:
Originally posted by gbk
Not until now....I guess there is a patch after all... :o


Well, the reply did get a "1" score for some reason, and no one paid attention to it, so I was also questioning its validity.
2005-04-04, 4:53 PM #9
WTF L0Lz DUDE TEH DEMO DONT WROK IT JUS SHUT DOWN TEH INTARWEB!!!!???~~~~~
Stuff
2005-04-04, 4:55 PM #10
that demonstration crashed my firefox on multiple occasions.
2005-04-04, 5:28 PM #11
Quote:
Originally posted by kyle90
WTF L0Lz DUDE TEH DEMO DONT WROK IT JUS SHUT DOWN TEH INTARWEB!!!!???~~~~~


...

*smack*
$do || ! $do ; try
try: command not found
Ye Olde Galactic Empire Mission Editor (X-wing, TIE, XvT/BoP, XWA)
2005-04-04, 5:55 PM #12
i just got a lot of random letters and a few urls, didn't see anything sensitive
free(jin);
tofu sucks
2005-04-04, 6:34 PM #13
If you click the update button on the toolbar the built-in update finder will produce the patch.
Steal my dreams and sell them back to me.....
2005-04-04, 6:57 PM #14
It just constantly loads for me :\
"Jayne, this is something the Captain has to do for himself"

"N-No it's not!"

"Oh."
2005-04-04, 7:08 PM #15
Quote:
Originally posted by Glyde Bane
It just constantly loads for me :\

Yeah....and on every refresh, it adds more of the contents of your ram to the wall of shame....
And when the moment is right, I'm gonna fly a kite.
2005-04-05, 5:46 AM #16
Quote:
Originally posted by Bounty Hunter 4 hire
If you click the update button on the toolbar the built-in update finder will produce the patch.


Not for me.

GBK's wall of shame seems to have turned into Xs...

2005-04-05, 5:56 AM #17
The following Gecko UA is not vulnerable:
Code:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050404 Firefox/1.0+

...which appears to be a nightly build. So, yes, there is a patch. :D
And when the moment is right, I'm gonna fly a kite.
2005-04-05, 6:01 AM #18
I'm a pillock. No really, I am.
Hey, Blue? I'm loving the things you do. From the very first time, the fight you fight for will always be mine.
2005-04-05, 6:07 AM #19
With my unbeatable Konqueror I also just produced several X. How is the IE?
Sorry for the lousy German
2005-04-05, 6:31 AM #20
Any way to trace such scripts back to their originator?
Math is infinitely finite, while the universe is finitely infinite. PI = QED
2005-04-05, 11:16 AM #21
Just a bunch of clicking like it was following a link, I hit the 'X' and it stopped.
Yet Another Massassi Map | Sadly I Have a Blog Too
2005-04-05, 2:01 PM #22
Hahah going through the snarf.txt I found this:

Code:
' Ebony Sex A 9 Erotic Literature sk )"   e Gay Sex Group Sex G r A A Q A u A A A A# u Q A A u AN u A Q A A Q Q Q A A" A u u A A q Q A A Q q A" Q A A# q A A  A A A q q q Q Q Q Q u Q Q Q Q Q Q Q Q Q q A A A A# A A u u q A u u q A A0 A A/ A A. Q A A- Q A A A A A A A A) A A( A A' A A& A A A% A A A" A A# A A" A A Q u u u q A A  A A q q q q u u Q Q Q Q A AY u A u u A W Q A W W W A W A A A A u u A Q u W u u u u u u q A A0 A A/ A A. A A- A A A A A A A Q u u Q Q u u A A) A A( A A' A A& A A% A A A Mature Sex ' Amateur Sex )   ' Sex Toys ) ) ' - ' Adult Stumblers B F B A G " A H   g D t H J   e H -1 BL ) ' set_args('tt0286183'  8) Amazon.com (op P   ( tp://forums.massassi.net/vb/images/multipage.gif ; P / 8 w @ /conditions ) ' g a a 7-43-0-0-1-2-0-0-0-1-1-0-1-6-0-0- y) favorites_of Z l z P cument.getElementById(youAreOnID) has no properties 


Which massassian was looking at Porn???
"Nulla tenaci invia est via"
2005-04-05, 2:11 PM #23
I could easily find out by searching for the IP on the cp. I won't though... perhaps GBK should've coded the page so that IPs weren't displayed?
2005-04-05, 2:14 PM #24
Yeah, jesus gbk, I feel so violated. Good thing I'm on a university computer. (that one wasn't me btw)
"it is time to get a credit card to complete my financial independance" — Tibby, Aug. 2009
2005-04-05, 2:32 PM #25
I guess the gay porn site is a reminder that massassi is truly a home to all sorts of geeks: Gay geeks, Straight Geeks... heck, even Girly Geeks. :p
Sneaky sneaks. I'm actually a werewolf. Woof.
2005-04-05, 4:22 PM #26
Quote:
Originally posted by DSettahr
I could easily find out by searching for the IP on the cp. I won't though...
Go for it. :p

Quote:
...perhaps GBK should've coded the page so that IPs weren't displayed?
If the IPs weren't logged, how could it be a wall of shame? :confused:
And when the moment is right, I'm gonna fly a kite.