Re: [Full-disclosure] Firefox onUnload + document.write() memory corrupt

To:	"Daniel Veditz" <dveditz@cruzio.com>
Subject:	Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)
From:	"Stan Bubrouski" <stan.bubrouski@gmail.com>
Date:	Sun, 25 Feb 2007 11:57:47 -0500
Cc:	bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk, security@mozilla.org
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	bugtraq-list@securepoint.com
Delivered-to:	mailing list bugtraq@securityfocus.com
Delivered-to:	moderator for bugtraq@securityfocus.com
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ui5jC0GC+b4+rMJW/2nDo5jrDhkRDSSYqjIpZMTVSzVFQwlh/YH3Rl2fSYV05D5GD2eJRFbuMpSDQMn2QGPM3Gq+4uEuM9gN5jqCdWBdxeSX1mB8nTbpR6zzUEDrC8ubFDBPpKLDcYAeWDu/rm6FBgHkRcpa9T9Mex4kzBCbPYs=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=CTDeArgUwt5jsbcuma5BBMByPJoQMxgV2j2QW9gdrH0jhY1uOzI5lS0blMejloY8E8WxQNLHVwL2kz6kkDUcAP9nQ2uNvprt26WlrEWgJtetZ5wyM2IJTl8k5/j1v4QuUwgcsykXwpR1KH0uYq2Q9Qw9M9mEG9pnVn5VPS86cIM=
In-reply-to:	<45E1BA08.7090901@cruzio.com>
List-help:	<mailto:bugtraq-help@securityfocus.com>
List-id:	<bugtraq.list-id.securityfocus.com>
List-post:	<mailto:bugtraq@securityfocus.com>
List-subscribe:	<mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list:	contact bugtraq-help@securityfocus.com; run by ezmlm
References:	<Pine.LNX.4.58.0702230229090.21707@dione> <45E1BA08.7090901@cruzio.com>

On 2/25/07, Daniel Veditz <dveditz@cruzio.com> wrote:

Michal Zalewski wrote:
> A quick test case that crashes while trying to follow partly
> user-dependent corrupted pointers near valid memory regions (can be forced
> to write, too):
>
>   http://lcamtuf.coredump.cx/ietrap/testme.html
>
> Firefox problem is being tracked here:
>   https://bugzilla.mozilla.org/show_bug.cgi?id=371321

This bug was fixed in 2.0.0.2, released Friday Feb 23.


No it most certainly wasn't, do your homework next time.

-sb

<Prev in Thread]	Current Thread	[Next in Thread>
Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Michal Zalewski Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Daniel Veditz Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Stan Bubrouski <= Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Ismail Dönmez Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Michal Zalewski Message not available Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Michal Zalewski

Previous by Date:	sitex multiple vulnerabilities, none
Next by Date:	Re: MSIE7 browser entrapment vulnerability (probably Firefox, too), Jeffrey Katz
Previous by Thread:	Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Daniel Veditz
Next by Thread:	Re: [Full-disclosure] Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr), Ismail Dönmez
Indexes:	[Date] [Thread] [Top] [All Lists]