lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4547C685.4040405@cruzio.com>
Date: Tue, 31 Oct 2006 13:56:21 -0800
From: Daniel Veditz <dveditz@...zio.com>
To: bugtraq@...urityfocus.com
Subject: Re: New Flaw in Firefox 2.0: DoS and possible remote code execution

xxxx@...il.com wrote:
> When you have a NULL pointer dereference a code execution is also possible, so you can't exclude it at all.
> For example in this old flaw:
> http://securitytracker.com/alerts/2006/Apr/1016001.html

In that example there was a way to influence the crash so that it was not null.
The Metasploit blog previously reported on a way to use a null dereference crash
to trigger a vulnerability in the windows SEH to run code (since fixed, and not
exploitable via Firefox as far as anyone can tell).

Neither of those conditions apply here, it's just a null dereference. In a debug
build you get

###!!! ASSERTION: Parsing didn't create a parser context?: 'mParserContext',
file c:/dev/ff2/mozilla/parser/htmlparser/src/nsParser.cpp, line 1882

This bug appears to have been fixed in the code that will become Firefox 3. This
crash is being tracked at https://bugzilla.mozilla.org/show_bug.cgi?id=358797

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ