Re: Critical JavaScript Flaw Hits Firefox

[Reed Loden <reed () reedloden com>]

On Mon, 26 Feb 2007 18:40:36 GMT
"Fergie" <fergdawg () netzero net> wrote:

> The use of a certain JavaScript instruction can cause Firefox to
> crash, allowing an attacker complete access to a system and the
> ability to run malware remotely.

Any idea what bug this may be? There aren't any critical ones that
Michal Zalewski has reported that haven't been fixed in a release.

I'm thinking the article is referring to
https://bugzilla.mozilla.org/show_bug.cgi?id=371321, which was fixed in
Firefox 2.0.0.2. However, as the article is extremely vague, it's hard
to tell what vulnerability it is reporting.

The article links to Mozilla's Bugzilla, not to the actual bug
(bug 371321). Also, it links to the CERT home page, not the actual
vulnerability notice (http://www.kb.cert.org/vuls/id/393921).

If this article is about that particular bug, the reporter is behind in
his research. ;)

~reed

-- 
Reed Loden - <reed () reedloden com>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.