lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20061023134833.15002.qmail@securityfocus.com> Date: 23 Oct 2006 13:48:33 -0000 From: mike@...il.com To: bugtraq@...urityfocus.com Subject: Flaw in Firefox 2.0 Final This flaw reported by Mozilla http://www.mozilla.org/security/announce/2006/mfsa2006-59.html is still unfixed in the latest Firefox 2.0 final. This exploit works in Firefox 2.0 Final: http://lcamtuf.coredump.cx/ffoxdie.html "Jonathan Watt and Michal Zalewski independently reported timing dependent testcases that trigger crashes at the same place during text display. We have seen no demonstration that these crashes could be reliably exploited, but they do show evidence of memory corruption so we presume they could be. Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from enabling JavaScript in mail."