oss-sec mailing list archives

Re: Mozilla: Use-after-free when doing multiple nesting using bad tags


From: Reed Loden <reed () reedloden com>
Date: Sat, 7 Feb 2015 15:31:40 -0800

https://bugzilla.mozilla.org/show_bug.cgi?id=679572#c2 states "The
addresses look like it's hit our "frame-poisoning" mitigation which would
make that an unmapped and unexploitable address but that's off the top of
my head and needs investigation.", so if true, it's only a DoS, which
Mozilla doesn't assign CVEs for since it's not exploitable.

Check
http://robert.ocallahan.org/2010/10/mitigating-dangling-pointer-bugs-using_15.html
for more information about frame poisoning and how it works to make what
used to be always critical security bugs into just crash bugs.

Also, Mozilla is a CNA, so requests for CVEs for Mozilla products should be
directed to them. I've cc'd security@ and Dan Veditz to confirm the above,
however.

~reed
(with his Mozilla Security Group hat on)

On Sat, Feb 7, 2015 at 10:29 AM, Kurt Seifried <kseifried () redhat com> wrote:

https://bugzilla.mozilla.org/show_bug.cgi?id=679572
https://bugzilla.redhat.com/show_bug.cgi?id=751934

not sure why this never got a cve/security treatment

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


