Home page logo

bugtraq logo Bugtraq mailing list archives

Flaw in Firefox 2.0 Final
From: mike () gmail com
Date: 23 Oct 2006 13:48:33 -0000

This flaw reported by Mozilla http://www.mozilla.org/security/announce/2006/mfsa2006-59.html
is still unfixed in the latest Firefox 2.0 final.

This exploit works in Firefox 2.0 Final: http://lcamtuf.coredump.cx/ffoxdie.html

"Jonathan Watt and Michal Zalewski independently reported timing dependent testcases that trigger crashes at the same 
place during text display. We have seen no demonstration that these crashes could be reliably exploited, but they do 
show evidence of memory corruption so we presume they could be. 
Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in 
mail. This is not the default setting and we strongly discourage users from enabling JavaScript in mail."

  By Date           By Thread  

Current thread:
  • Flaw in Firefox 2.0 Final mike (Oct 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]