Sign in to follow this  
Followers 0
StankDawg

Firefox 1.02 vulnerability

11 posts in this topic

i liked my mem dump of my tabs, very interesting stuff:


scrollbar-down-top mousemove sborient=orient 0= ? m D 5 = = = TR 4 % P 95 TABLE d ts m 8 2 mousemove     nd ' ' ' windt tbody 0 way # A r A 0 p A 0 K I ' own ' false rev @ tabbrowser-tab-972289 ws ro e false false ' false A o http://secunia.com/advisories/14845/ ( V ring . A y I A e e serif mouseup a g value=label accesskey crop serif d D K http://www.binrev.com/forums/index.php?act=Print&client=printer&f=2&t=11797 M gbinrev.com... I H G # F E D C " EF k 1 A A A A A A A A A 98 Infocus: WEP: Dead Again  Part 2 tex ' l l s l p t Q d mousemove ' ' sborient=orient m scrollbar-thumb a /product/4491 @ mousemove     ex       .' nd ' ' ' windt J HTMLFrameSetElement Download Desktop Weather ) ( ) ' ' 0 contentAreaContextMenu ' _ A A A #     nodeType user_screen t t P f ttp://www.pulitzer.org/year/2005/breaking-news-photography/works/warzone20.html" -

0

Share this post


Link to post
Share on other sites

WOw, looked at the code for the function, i hate regular expressions. They look very complex.

0

Share this post


Link to post
Share on other sites
WOw, looked at the code for the function, i hate regular expressions. They look very complex.

regular expressions are beautiful works of art ^_^

0

Share this post


Link to post
Share on other sites

My knowledge of JavaScript is very rudimentary. Could someone explain for me what's going on in that confusing bit of code?

0

Share this post


Link to post
Share on other sites

dogs1.jpg

==

art%7E0.jpg

(I don't know what a regular expression is)

(so.. yeah.. )

Just remember the Bulldog likes to cheat..

Edited by Dox
0

Share this post


Link to post
Share on other sites

I feel sorry for the guy who had to write that entire thing out, especially when he could've just used:

/[^\x20-~]+/g

0

Share this post


Link to post
Share on other sites

feel sorry for the guy who had to write that entire thing out, especially when he could've just used:

/[^\x20-~]+/g

In which world

0

Share this post


Link to post
Share on other sites

feel sorry for the guy who had to write that entire thing out, especially when he could've just used:

/[^\x20-~]+/g

In which world

In the world where someone wants to eliminate characters that aren't between ASCII codes 32 and 126 easily.

0

Share this post


Link to post
Share on other sites

 ) 7 7 ) c . 0 2 4 6 8 : ? @ c   A 0 ( D 1 m 5 T 6 5 5 W V 5 D V 5 r 4 3 ' e I e y I y y # I y e I e y I y 6 = . / \ e P 8 ) / r 8 W _ A scrollbar-up-top   t L sborient=orient scrollbar-up-top sborient=orient A scrollbar-down-top sborient=orient scrollbar-down-top ' sborient=orient sborient=orient curpos maxpos pageincrement increment orient sborient=orient curpos maxpos pageincrement increment orient sborient=orient E scrollbar-thumb scrollbar-thumb scrollbar-up-bottom sborient=orient scrollbar-up-bottom ' sborient=orient scrollbar-down-bottom sborient=orient scrollbar-down-bottom 8 sborient=orient %         if (navigator.platform.indexOf("Mac")  = -1)           this.initScrollbar();        8 initScrollbar scrollbar-down-top offsetParent    scrollTop  = scrollLeft e scrollHeight     scrollWidth clientHeight e") clientWidth nsIDOMNSHTMLElement u nsIDOMElementCSSInlineStyle n us (t L ro (" HTMLHtmlElement g HTMLElement % Element % % @ align Q 4r   " # % & ' ( )   Q K  u L .g A A A A A A A A A r" flexGroup    ordinal orient s pack mb" tooltip minWidth emo minHeight    maxWidth   c maxHeight hr left in  datasources allowEvents t Z  == v orient sborient=orient upTop    \ U U I P Y t scrollbar-up-bottom    scrollbar-down-bottom ' R; v 0   d 1 0 L g W 

Doesn't seem too bad....

0

Share this post


Link to post
Share on other sites

mem = mem.replace(/[^\.\\\:\/\'\(\)\"\_\?\=\%\&\;\#\@\- a-zA-Z0-9]+/g, " ");

\. \\ \: \/ \' \( \) \" \_ \? \= \% \& \; \# \@ \-

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

a-z A-Z 0-9 ]+/g, " "

26 26 9 global matching

17 + 26 + 26 + 9 = 78

VS

In the world where someone wants to eliminate characters that aren't between ASCII codes 32 and 126 easily.

126 - 32 = 94

78 <> 94

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0