funsec mailing list archives
Re: Critical JavaScript Flaw Hits Firefox
From: Jordan Wiens <numatrix () ufl edu>
Date: Mon, 26 Feb 2007 15:38:01 -0500
Reed Loden wrote:
On Mon, 26 Feb 2007 18:40:36 GMT "Fergie" <fergdawg () netzero net> wrote:The use of a certain JavaScript instruction can cause Firefox to crash, allowing an attacker complete access to a system and the ability to run malware remotely.Any idea what bug this may be? There aren't any critical ones that Michal Zalewski has reported that haven't been fixed in a release. I'm thinking the article is referring to https://bugzilla.mozilla.org/show_bug.cgi?id=371321, which was fixed in Firefox 2.0.0.2. However, as the article is extremely vague, it's hard to tell what vulnerability it is reporting. The article links to Mozilla's Bugzilla, not to the actual bug (bug 371321). Also, it links to the CERT home page, not the actual vulnerability notice (http://www.kb.cert.org/vuls/id/393921). If this article is about that particular bug, the reporter is behind in his research. ;) ~reed
Probably: https://bugzilla.mozilla.org/show_bug.cgi?id=371321It was unintentionally resolved in 2.0.0.2 -- an earlier change fixed it, though not because they had discovered the vuln. The other unload one is pretty fun too, though maybe not critical:
https://bugzilla.mozilla.org/show_bug.cgi?id=371360 Not half as fun as it is in IE though. -- Jordan Wiens, CISSP UF Network Security Engineer (352)392-2061 _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Critical JavaScript Flaw Hits Firefox Fergie (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Reed Loden (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)
- <Possible follow-ups>
- Re: Critical JavaScript Flaw Hits Firefox Fergie (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Reed Loden (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Reed Loden (Feb 26)