Monday, June 1, 2009

Research - Discarded

This section will list potential vulnerabilities that I have discarded. If reporting them to the vendor is easy then I'll wait for their response before posting.

Firefox - bug 492779
PL_Base64Decode integer overflow
Code changes made: here and here

Looked very promising at first. A common library routine used in many places with a straightforward integer overflow, caused because it multiplied before dividing. Exploitation also looked promising since we could control the amount to overflow the buffer with by using invalid base64 characters to make the decode no-op.

Reason for discarding:
Was unable to trigger it.
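
The multiply-before-divide length calculation described above, shown beside a divide-first form, as an added example that is not the NSPR source or code from this post. The function names and the 32-bit length type are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; names and types are assumptions. */

/* Weak form: multiply first. Once srclen exceeds UINT32_MAX / 3 the
 * product wraps modulo 2^32 and the computed size is far too small. */
static uint32_t decoded_len_weak(uint32_t srclen)
{
    return (srclen * 3u) / 4u;
}

/* Corrected form: divide first, then account for the remainder.
 * (srclen / 4) * 3 is at most 3221225469, so nothing can wrap. */
static uint32_t decoded_len_safe(uint32_t srclen)
{
    uint32_t rem = srclen % 4u;
    return (srclen / 4u) * 3u + (rem * 3u) / 4u;
}

/* Reference value computed in 64 bits, used only for comparison. */
static uint64_t decoded_len_exact(uint32_t srclen)
{
    return ((uint64_t)srclen * 3u) / 4u;
}

/* Returns 1 when the weak calculation disagrees with the true size. */
static int weak_len_wraps(uint32_t srclen)
{
    return (uint64_t)decoded_len_weak(srclen) != decoded_len_exact(srclen);
}

int main(void)
{
    /* Constructed sample lengths: small, last safe value, first wrapping value. */
    const uint32_t samples[] = { 8u, 7u, UINT32_MAX / 3u, UINT32_MAX / 3u + 1u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t n = samples[i];
        printf("srclen=%" PRIu32 " weak=%" PRIu32 " safe=%" PRIu32 " wraps=%d\n",
               n, decoded_len_weak(n), decoded_len_safe(n), weak_len_wraps(n));
    }
    return 0;
}
```

A buffer sized from the weak value and then filled according to the real input length is the mismatch a reviewer should look for wherever a size is derived by multiplying an untrusted length.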