oss-sec mailing list archives

Re: CVE request: firefox 2.0.14 ( Crash in JavaScript garbage collector)

From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 17 Apr 2008 17:29:01 -0400 (EDT)


On Thu, 17 Apr 2008, Hanno [utf-8] B??ck wrote:

Ok, then please include this one:
http://www.securityfocus.com/bid/27243
http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html
http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities


See below.

Do you have a specific Firefox/Gentoo/Debian version?

- Steve


======================================================
Name: CVE-2007-6715
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6715
Reference: MISC:http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html
Reference: MISC:http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
Reference: MISC:http://sam.zoy.org/zzuf/
Reference: BID:27243
Reference: URL:http://www.securityfocus.com/bid/27243

Mozilla Firefox allows remote attackers to cause a denial of service
(crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif
test case.

Current thread:

CVE request: firefox 2.0.14 ( Crash in JavaScript garbage collector) Hanno Böck (Apr 17)
- Re: CVE request: firefox 2.0.14 ( Crash in JavaScript garbage collector) Tomas Hoger (Apr 17)
- Re: CVE request: firefox 2.0.14 ( Crash in JavaScript garbage collector) Josh Bressers (Apr 17)
- Re: CVE request: firefox 2.0.14 ( Crash in JavaScript garbage collector) Steven M. Christey (Apr 17)
  - Re: CVE request: firefox 2.0.14 ( Crash in JavaScript garbage collector) Hanno Böck (Apr 17)
    - Re: CVE request: firefox 2.0.14 ( Crash in JavaScript garbage collector) Steven M. Christey (Apr 17)
    - Re: CVE request: firefox 2.0.14 ( Crash in JavaScript garbage collector) Hanno Böck (Apr 18)