oss-sec mailing list archives

Re: Mozilla: Use-after-free when doing multiple nesting using bad tags


From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 07 Feb 2015 16:59:04 -0700

On 07/02/15 04:31 PM, Reed Loden wrote:
> https://bugzilla.mozilla.org/show_bug.cgi?id=679572#c2 states "The
> addresses look like it's hit our \"frame-poisoning\" mitigation which would
> make that an unmapped and unexploitable address but that's off the top of
> my head and needs investigation.", so if true, it's only a DoS, which
> Mozilla doesn't assign CVEs for since it's not exploitable.

Agreed.

> Check
> http://robert.ocallahan.org/2010/10/mitigating-dangling-pointer-bugs-using_15.html
> for more information about frame poisoning and how it works to make what
> used to be always critical security bugs into just crash bugs.
>
> Also, Mozilla is a CNA, so requests for CVEs for Mozilla products should be
> directed to them. I've cc'd security@ and Dan Veditz to confirm the above,
> however.

Derp, sorry I should have cc'ed you guys.

The good news is I'm basically done cleaning all the old embargoed cruft
out of our BZ so no more surprises =)



-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
