funsec mailing list archives
Re: Critical JavaScript Flaw Hits Firefox
From: Reed Loden <reed () reedloden com>
Date: Mon, 26 Feb 2007 13:19:08 -0600
On Mon, 26 Feb 2007 18:40:36 GMT "Fergie" <fergdawg () netzero net> wrote:
The use of a certain JavaScript instruction can cause Firefox to crash, allowing an attacker complete access to a system and the ability to run malware remotely.
Any idea what bug this may be? There aren't any critical ones that Michal Zalewski has reported that haven't been fixed in a release. I'm thinking the article is referring to https://bugzilla.mozilla.org/show_bug.cgi?id=371321, which was fixed in Firefox 2.0.0.2. However, as the article is extremely vague, it's hard to tell what vulnerability it is reporting. The article links to Mozilla's Bugzilla, not to the actual bug (bug 371321). Also, it links to the CERT home page, not the actual vulnerability notice (http://www.kb.cert.org/vuls/id/393921). If this article is about that particular bug, the reporter is behind in his research. ;) ~reed -- Reed Loden - <reed () reedloden com> _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Critical JavaScript Flaw Hits Firefox Fergie (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Reed Loden (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)
- <Possible follow-ups>
- Re: Critical JavaScript Flaw Hits Firefox Fergie (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Reed Loden (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Reed Loden (Feb 26)