Bugtraq mailing list archives

Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)

From: Ismail Dönmez <ismail () pardus org tr>
Date: Sun, 25 Feb 2007 20:11:32 +0200

On Sunday 25 February 2007 18:57:47 Stan Bubrouski wrote:

On 2/25/07, Daniel Veditz <dveditz () cruzio com> wrote:

Michal Zalewski wrote:

A quick test case that crashes while trying to follow partly
user-dependent corrupted pointers near valid memory regions (can be
forced to write, too):

  http://lcamtuf.coredump.cx/ietrap/testme.html

Firefox problem is being tracked here:
  https://bugzilla.mozilla.org/show_bug.cgi?id=371321


This bug was fixed in 2.0.0.2, released Friday Feb 23.


No it most certainly wasn't, do your homework next time.


Well surely someone didn't so his homework but its not Daniel, see 
https://bugzilla.mozilla.org/show_bug.cgi?id=371321 .


-- 
Ismail Donmez ismail (at) pardus.org.tr
GPG Fingerprint: 7ACD 5836 7827 5598 D721 DF0D 1A9D 257A 5B88 F54C
Pardus Linux / KDE developer

Current thread:

Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) Michal Zalewski (Feb 23)
- Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) Daniel Veditz (Feb 26)
  - Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) Stan Bubrouski (Feb 26)
    - Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) Ismail Dönmez (Feb 26)
    - Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) Michal Zalewski (Feb 26)
    - Message not available
    - Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) Michal Zalewski (Feb 27)