oss-sec mailing list archives
Re: Mozilla: Use-after-free when doing multiple nesting using bad tags
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 07 Feb 2015 16:59:04 -0700
On 07/02/15 04:31 PM, Reed Loden wrote:
> https://bugzilla.mozilla.org/show_bug.cgi?id=679572#c2 states "The addresses look like it's hit our \"frame-poisoning\" mitigation which would make that an unmapped and unexploitable address but that's off the top of my head and needs investigation.", so if true, it's only a DoS, which Mozilla doesn't assign CVEs for since it's not exploitable.
Agreed.
> Check http://robert.ocallahan.org/2010/10/mitigating-dangling-pointer-bugs-using_15.html for more information about frame poisoning and how it works to make what used to be always critical security bugs into just crash bugs. Also, Mozilla is a CNA, so requests for CVEs for Mozilla products should be directed to them. I've cc'd security@ and Dan Veditz to confirm the above, however.
Derp, sorry I should have cc'ed you guys. The good news is I'm basically done cleaning all the old embargoed cruft out of our BZ so no more surprises =)
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993