Flaw in Firefox 2.0 Final

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Flaw in Firefox 2.0 Final
From: mike@xxxxxxxxx
Date: 23 Oct 2006 13:48:33 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This flaw reported by Mozilla 
http://www.mozilla.org/security/announce/2006/mfsa2006-59.html
is still unfixed in the latest Firefox 2.0 final.

This exploit works in Firefox 2.0 Final: http://lcamtuf.coredump.cx/ffoxdie.html

"Jonathan Watt and Michal Zalewski independently reported timing dependent 
testcases that trigger crashes at the same place during text display. We have 
seen no demonstration that these crashes could be reliably exploited, but they 
do show evidence of memory corruption so we presume they could be. 
Note: Thunderbird shares the browser engine with Firefox and could be 
vulnerable if JavaScript were to be enabled in mail. This is not the default 
setting and we strongly discourage users from enabling JavaScript in mail."

Prev by Date: D-Link DSL-G624T several vulnerabilities
Next by Date: Smarty-2.6.1 Remote File Include Vulnerabilities
Previous by thread: D-Link DSL-G624T several vulnerabilities
Next by thread: Smarty-2.6.1 Remote File Include Vulnerabilities
Index(es):
- Date
- Thread