Re: Critical JavaScript Flaw Hits Firefox

[Jordan Wiens <numatrix () ufl edu>]

Reed Loden wrote:
> On Mon, 26 Feb 2007 18:40:36 GMT
> "Fergie" <fergdawg () netzero net> wrote:
>
> > The use of a certain JavaScript instruction can cause Firefox to
> > crash, allowing an attacker complete access to a system and the
> > ability to run malware remotely.
>
> Any idea what bug this may be? There aren't any critical ones that
> Michal Zalewski has reported that haven't been fixed in a release.
>
> I'm thinking the article is referring to
> https://bugzilla.mozilla.org/show_bug.cgi?id=371321, which was fixed in
> Firefox 2.0.0.2. However, as the article is extremely vague, it's hard
> to tell what vulnerability it is reporting.
>
> The article links to Mozilla's Bugzilla, not to the actual bug
> (bug 371321). Also, it links to the CERT home page, not the actual
> vulnerability notice (http://www.kb.cert.org/vuls/id/393921).
>
> If this article is about that particular bug, the reporter is behind in
> his research. ;)
>
> ~reed

Probably:

https://bugzilla.mozilla.org/show_bug.cgi?id=371321

It was unintentionally resolved in 2.0.0.2 -- an earlier change fixed 
it, though not because they had discovered the vuln.  The other unload 
one is pretty fun too, though maybe not critical:

https://bugzilla.mozilla.org/show_bug.cgi?id=371360

Not half as fun as it is in IE though.

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.