Bug 152591 - Javascript recursion can lead to DoS in firefox 1.5.0.7 and 2.0
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Other
Importance: High normal
Assignee: Mozilla Gentoo Team
URL: http://www.mozilla.org/security/annou...
Duplicates: 135052 136691 140020 152623 153736 153737

Reported: 2006-10-23 13:18 UTC by Aarni Honka
Modified: 2006-12-24 19:00 UTC

Description Aarni Honka 2006-10-23 13:18:53 UTC
This exploit works in Firefox 2.0 Final: http://lcamtuf.coredump.cx/ffoxdie.html

Description
Jonathan Watt and Michal Zalewski independently reported timing dependent testcases that trigger crashes at the same place during text display. We have seen no demonstration that these crashes could be reliably exploited, but they do show evidence of memory corruption so we presume they could be.

Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from enabling JavaScript in mail.
Workaround
Disable JavaScript until you can upgrade to a fixed version. Do not enable JavaScript in mail clients such as Thunderbird.

References
https://bugzilla.mozilla.org/show_bug.cgi?id=345071
https://bugzilla.mozilla.org/show_bug.cgi?id=348514
Comment 1 Jory A. Pratt 2006-10-23 17:21:43 UTC
no script will ship with firefox-2.0 final, so this is already being dealt with. As soon as firefox-2.0 final is released, which is tomorrow, this will be resolved.
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-10-24 00:05:34 UTC
*** Bug 152623 has been marked as a duplicate of this bug. ***
Comment 3 Lubomir Rintel 2006-10-24 01:55:19 UTC
Flaws described in the advisory text have really been fixed, apparently. It seems that the testcase triggers one more bug :/

https://bugzilla.mozilla.org/show_bug.cgi?id=323394
Comment 4 Doug Goldstein (RETIRED) gentoo-dev 2006-10-31 13:14:22 UTC
Clearly says fixed in Firefox 1.5.0.7 and higher from the advisory link you posted above and from the second link you posted.

They don't even work for me on Firefox 2.0.

Gonna give you the Slashdot advice... RTFA before commenting.
Comment 5 Bryan Østergaard (RETIRED) gentoo-dev 2006-11-01 15:59:54 UTC
*** Bug 153737 has been marked as a duplicate of this bug. ***
Comment 6 Bryan Østergaard (RETIRED) gentoo-dev 2006-11-01 16:00:03 UTC
*** Bug 153736 has been marked as a duplicate of this bug. ***
Comment 7 Christian Marie (RETIRED) gentoo-dev 2006-12-18 19:45:34 UTC
*** Bug 140020 has been marked as a duplicate of this bug. ***
Comment 8 Christian Marie (RETIRED) gentoo-dev 2006-12-18 19:46:37 UTC
*** Bug 136691 has been marked as a duplicate of this bug. ***
Comment 9 Christian Marie (RETIRED) gentoo-dev 2006-12-18 19:46:51 UTC
*** Bug 135052 has been marked as a duplicate of this bug. ***
Comment 10 Christian Marie (RETIRED) gentoo-dev 2006-12-24 07:54:15 UTC
Fixed via Anarchy.
Comment 11 Tomasz Golinski 2006-12-24 10:45:30 UTC
Symptoms as described in Bug 153737 are still there in the latest ebuild, 2.0.0.1.
Comment 12 Christian Marie (RETIRED) gentoo-dev 2006-12-24 19:00:13 UTC
Please reopen that bug then. I can't reproduce it though.