funsec mailing list archives
Re: Critical JavaScript Flaw Hits Firefox
From: "Fergie" <fergdawg () netzero net>
Date: Mon, 26 Feb 2007 20:28:38 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reed, It looks like they _may_ have updated this article, since I didn't see this when I originally read it: "The disclosure comes on the same day that Mozilla released an update for Firefox, which does not address the JavaScript flaw." http://www.computeractive.co.uk/vnunet/news/2184139/vulnerability-uncovered - - ferg - -- Reed Loden <reed () reedloden com> wrote: On Mon, 26 Feb 2007 18:40:36 GMT "Fergie" <fergdawg () netzero net> wrote:
The use of a certain JavaScript instruction can cause Firefox to crash, allowing an attacker complete access to a system and the ability to run malware remotely.
Any idea what bug this may be? There aren't any critical ones that Michal Zalewski has reported that haven't been fixed in a release. I'm thinking the article is referring to https://bugzilla.mozilla.org/show_bug.cgi?id=371321, which was fixed in Firefox 2.0.0.2. However, as the article is extremely vague, it's hard to tell what vulnerability it is reporting. The article links to Mozilla's Bugzilla, not to the actual bug (bug 371321). Also, it links to the CERT home page, not the actual vulnerability notice (http://www.kb.cert.org/vuls/id/393921). If this article is about that particular bug, the reporter is behind in his research. ;) ~reed - -- Reed Loden - <reed () reedloden com> -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFF40Lyq1pz9mNUZTMRAomWAJ9X4ylfmmgoO8WdRFAlMuckO74rWgCgzl8E P/rGNmz/48eUOK3GDeSESnE= =BXYj -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Critical JavaScript Flaw Hits Firefox Fergie (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Reed Loden (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)
- <Possible follow-ups>
- Re: Critical JavaScript Flaw Hits Firefox Fergie (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Reed Loden (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Reed Loden (Feb 26)