16 February 2008

FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

Opera and FireFox contain vulnerable code for handling BMP files with a partial palette. The code makes it possible to craft a BMP file that leaks information from the heap. This information can be sent to a remote server using the canvas tag (HTML 5) and JavaScript.


See the demonstration video at:
http://blog.hispasec.com/lab/files/ff_2_0_0_11.avi (5.7mb, AVI, DivX 6.6.1)

Read more at:
/advisories/adv_Opera_and_Firefox_Remote_Memory_Information_Leak.txt

Sent by Gynvael Coldwind @ 17:06
Comments
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

can a hacker get only Screenshot, or text data?

Posted by: Vovan at February 22, 2008 02:12
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

Firefox 2.0.0.11 may crash when using this vulnerability due to a heap boundary error (read access violation). So it is possible to remotely crash the browser.

Posted by: rhce dumps at July 04, 2009 11:40
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

The BMP format has a field in the BITMAPINFOHEADER named biClrUsed; the field says how many colors the palette contains. If this field is 0, then a 256-color palette is used. When this field is not 0, the palette has the given number of colors.

Both browsers either allocate just the "right" amount of memory (using the equation biClrUsed * sizeof(RGB)), or forget to zero the allocated palette. In this case, if a color from the upper (non-existing or not zeroed) part of the palette is used, some information is copied to the screen as a colorful pixel.

Posted by: cheap web hosting at August 08, 2009 22:16
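
The mitigation implied by the explanation above, as an added example that is not part of the original post or of either browser's code: a palette loader that always allocates the full table for the bit depth, zero-fills it, and bounds-checks lookups. It generalises the 8-bit case to 1- and 4-bit images; the function names and the sample header bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define FILE_HDR 14u /* BITMAPFILEHEADER size */
#define INFO_HDR 40u /* BITMAPINFOHEADER size */

typedef struct { uint8_t b, g, r, reserved; } rgbquad;

static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Zeroed table of 1 << biBitCount entries, first biClrUsed filled; NULL if malformed. */
rgbquad *bmp_load_palette(const uint8_t *buf, size_t len, uint32_t *n_entries) {
    if (len < FILE_HDR + INFO_HDR || buf[0] != 'B' || buf[1] != 'M') return NULL;
    const uint8_t *ih = buf + FILE_HDR;
    uint32_t hsz = rd32(ih);                        /* biSize */
    if (hsz < INFO_HDR || hsz > len - FILE_HDR) return NULL;
    uint32_t bpp = ih[14] | (uint32_t)ih[15] << 8;  /* biBitCount */
    uint32_t used = rd32(ih + 32);                  /* biClrUsed */
    if (bpp != 1 && bpp != 4 && bpp != 8) return NULL;
    uint32_t max = 1u << bpp;
    if (used == 0) used = max;                      /* 0 means a full palette */
    if (used > max) return NULL;
    size_t pal_off = (size_t)FILE_HDR + hsz;
    if ((len - pal_off) / sizeof(rgbquad) < used) return NULL; /* truncated file */
    rgbquad *pal = calloc(max, sizeof *pal);        /* full size, zeroed */
    if (!pal) return NULL;
    memcpy(pal, buf + pal_off, used * sizeof *pal);
    *n_entries = max;
    return pal;
}

/* Bounds-checked lookup: an index outside the table yields black. */
rgbquad bmp_color(const rgbquad *pal, uint32_t n_entries, uint32_t index) {
    return index < n_entries ? pal[index] : (rgbquad){0, 0, 0, 0};
}

/* Constructed sample: 8-bit BMP, biClrUsed = 2, pixel value 200. Returns 1 if
 * the lookup past biClrUsed yields zeros and the real entries are intact. */
int demo_partial_palette(void) {
    uint8_t bmp[FILE_HDR + INFO_HDR + 8] = {'B', 'M'};
    uint8_t *ih = bmp + FILE_HDR;
    ih[0] = INFO_HDR; ih[14] = 8; ih[32] = 2;  /* biSize, biBitCount, biClrUsed */
    memset(ih + INFO_HDR, 0xFF, 4);            /* entry 0: white */
    memset(ih + INFO_HDR + 4, 0x7F, 4);        /* entry 1: grey */
    uint32_t n = 0;
    rgbquad *pal = bmp_load_palette(bmp, sizeof bmp, &n);
    if (!pal) return -1;
    rgbquad c = bmp_color(pal, n, 200);        /* index in the absent upper part */
    int ok = n == 256 && pal[1].r == 0x7F && !(c.r | c.g | c.b | c.reserved);
    free(pal);
    return ok;
}

int main(void) { return demo_partial_palette() == 1 ? 0 : 1; }
```
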
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

This memory leak needed to be fixed badly, I was having trouble with it on more than a few of my clients' machines.

Thanks

Posted by: Marcus at October 08, 2009 19:27
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

how its possible to remote memory ??

Posted by: Mediterranean Cruise Deals at October 09, 2009 14:04
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

I guess most internet browsers have problems with memory; after browsing for many hours they use a lot of memory. Finally Chrome seems to solve this issue; Chrome is fast and works great for me. I can't give more feedback until I have used Chrome for a few months and seen how it goes.

Posted by: apotik online at October 12, 2009 14:37
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

Should we be seriously concerned about hackers?

Posted by: digital radio scanners at October 19, 2009 07:55
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

so, what does this mean for us as users of either firefox or opera?
Should we be concerned?

Posted by: sports flooring at October 19, 2009 07:58
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

I guess it is all good now.
have not noticed any issues with firefox, which I use daily

Posted by: internet marketing Melbourne at October 19, 2009 08:01
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

Do they have a fix for this? I have not seen an update.

Posted by: james lee at October 20, 2009 02:07
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

Firefox is one of the best browsers I have ever used; it's the best. Opera is a heavy application compared to Firefox, but Chrome is really catching on. I also like Chrome, but it doesn't have the plugins which Firefox has.

Posted by: Dentists Palm Beach at October 21, 2009 08:28
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

So fix it already! Not sure if I am going to really worry too much here. Am on a Mac.

Posted by: rliddle at October 21, 2009 16:44
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

Nice blog, the info in here was solid.

Posted by: copy xbox games at October 22, 2009 04:43
Web Optimization

Opera is the best - Firefox, it's ok

Posted by: Giuseppe at October 22, 2009 17:37
Re: FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak

Leaking this sort of information is more like a piracy.
John

Posted by: John at October 22, 2009 21:48