Christoph Diehl

Mozilla Product Integrity
Security Engineer

mozilla

Mozilla Firefox <= 1.0.7

projects



inactive / retired



fuzzing


WebAnimations
https://bugzilla.mozilla.org/show_bug.cgi?id=1334591
WebCrypto
https://bugzilla.mozilla.org/show_bug.cgi?id=1037373
WebNFC
https://bugzilla.mozilla.org/show_bug.cgi?id=1023086
OpenH264
https://bugzilla.mozilla.org/show_bug.cgi?id=959432
MediaRecorder
https://bugzilla.mozilla.org/show_bug.cgi?id=940301
WebAudio
https://bugzilla.mozilla.org/show_bug.cgi?id=875414
Stagefright
https://bugzilla.mozilla.org/show_bug.cgi?id=872136
WebVTT
https://bugzilla.mozilla.org/show_bug.cgi?id=855851
JARs
https://bugzilla.mozilla.org/show_bug.cgi?id=821596
Fonts
https://bugzilla.mozilla.org/show_bug.cgi?id=750695
WebGL
https://bugzilla.mozilla.org/show_bug.cgi?id=658170
Opus
https://bugzilla.mozilla.org/show_bug.cgi?id=750714
WebM
https://bugzilla.mozilla.org/show_bug.cgi?id=793199
IPC
https://bugzilla.mozilla.org/show_bug.cgi?id=777067
WebRTC
https://bugzilla.mozilla.org/show_bug.cgi?id=792125
Graphite2
https://bugzilla.mozilla.org/show_bug.cgi?id=681976

Sandbox

.exploits


tt-eudora.c
Qualcomm Eudora Imapd Remote PreAuth Ring-0 exploit
tt-mercury.c
Remote shell exploit against Pegasus Mercury IMAPd
tt-newspost.c
Local exploit against Newspost 2.1.1
tt-procps.c
Local exploit against procps 3.2.5
tt-pwck.c
Local exploit against pwck
tt-kon2.c
Local root exploit against kon2
tt-bluecoat.c
BlueCoat WinProxy Remote Heap Overflow PoC
tt-eudora.py
Qualcomm Eudora Email Client exploit PoC
tt-lotus.py
IBM Lotus Domino
tt-sfxpoc.py
WinRAR SFX - stack buffer overflow PoC
tt-vmware.py
VMware VMX - file property heap overflow PoC
tt-vmware.c
VMware NAT Remote PoC
tt-skype.c
Skype - vCard memory corruption PoC
NtOpenFile.py
BitDefender Internet Security ZwOpenFile()
CA-NtOpenSection.py
CA Internet Security Suite ZwOpenSection()
CA-NtOpenSection.py
CA Internet Security Suite NtCreateSymbolicLinkObject()
CA-NtOpenSection.py
CA Internet Security Suite NtCreateKey()
tt-shareutils.c
Local exploit against sharutils <= 4.2.1

.bytecode


bsd.tar.gz
various BSD shellcode
linux.tar.gz
various Linux shellcode
linux-x86/
various syscalls as assembler source

.bugs


702934
Google Chrome 59 - UAF in PNGImageDecoder
669534
Google Chrome 50 - UAF in PrintWebViewHelper
588550
Google Chrome 50 - UAF in CanvasAsyncBlobCreator
572404
Google Chrome 49 - UAF in WindowSelector
CVE-2016-1614
Google Chrome 46 - Use of uninitialized value in Blink
CVE-2015-1227
Google Chrome 41 - Use of uninitialized value in DragImage
CVE-2014-7941
Google Chrome 40 - OOB in SelectionOwner
CVE-2014-7936
Google Chrome 40 - UAF in ZoomBubbleView::Close
CVE-2014-7908
Google Chrome 39 - MPEG-4 CheckMov() integer overflow
X-2012-0929
Google Chrome 24 - WebGL memory corruption
CVE-2010-4203
Google Chrome 7 - WebM memory corruption
CVE-2007-0126
Opera 9.10 - JPG image DHT marker heap corruption
CVE-2006-3912
WinRAR 3.60 - Stack buffer overflow
CVE-2006-1540
Microsoft Office 2002 - Array index bounds error
X-2006-0126
Sambar All-In-One Server IMAPd - Integer overflow
X-2006-0126
Sambar All-In-One Server FTPd - Memory corruption
X-2006-0112
Apple iTunes media sharing server - Denial of service
CVE-2005-4718
Opera 8.02 - Denial of service
EDB-ID: 1253
Mozilla Firefox 1.0.7
CVE-2005-4267
Qualcomm WorldMail IMAPd - Literal processing overflow
TA-2005-0303
pcwsd 1.1.0 - Insufficient boundary checking
TA-2005-0220
Tin 1.6.2 - Insufficient boundary checking
TA-2004-0115
Xtreme ASP Photo Gallery 2.0 - SQL injection
CVE-2003-1032
Pi3Web 2.0.2 - Buffer overflow
TA-2003-0915
IpSwitch IMail 8.02 - Directory traversal
TA-2003-0623
iWeb Server 2 - Directory traversal
TA-2003-0622
VisNetic WebMail v5.8 - Failure to handle exceptional conditions
TA-2003-0621
Twilight WebServer v1.3.3.0 - Memory corruption
TA-2003-0618
Armida Web Server v1.0 - Memory corruption
TA-2003-0527
Abyss WebServer X1 - Directory traversal
TA-2003-0425
CesarFTP Server 0.99g - Denial of service
BID 317429
Hyperion FTP Server 3.0 - Buffer overflow

.tools

h264fuzz/
A lightweight fuzzer for the encoder and decoder of OpenH264.
photon
A utility for managing RAM disks.
pylf/
Fuzzing lib with a little native Win32 debug interface.
mistress
Modular fuzzer written in Python.
flashback
Simple file fuzzer with a WebUI.
picasso
Steganography tool to hide text in the LSB of a byte inside a picture.
ostrich
Modular fuzzer written in C.
primel/
Non-listening backdoor for Linux/BSD systems. In sniffing mode it waits for incoming packets at predefined ports and provides a secure shell after the right packet-port combination.
hspoof
Fakes an incoming HTTP GET request with spoofed HTTP Referer and User-Agent while you are surfing with your browser by acting like a local proxy server.
sisyfuzz
Demo of an old fuzzer prototype with a Metasploit-like interface.

.texts

fmt.txt
Introduction to format string bugs with exploit examples.
int.html
Introduction to integer overflows with exploit examples.
lnx86_sh.txt
Fundamentals of writing shellcode on Linux x86 systems.
vi-ref.html
A short reference for vi.

.unsorted

7170a4b7a58d
Allows developers to run their WebGL programs with the minimum capabilities allowed by the WebGL specification.
.gdbinit
A small script for GDB to help in creating bug reports.
mozconfigs
Custom Mozilla build configurations for various purposes, e.g. feature-enabled builds of Firefox.
fonts
Distribution of font tables across various platforms.