This exploit works in Firefox 2.0 Final: http://lcamtuf.coredump.cx/ffoxdie.html
Description: Jonathan Watt and Michal Zalewski independently reported timing dependent testcases that trigger crashes at the same place during text display. We have seen no demonstration that these crashes could be reliably exploited, but they do show evidence of memory corruption so we presume they could be.
Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from enabling JavaScript in mail.
Workaround: Disable JavaScript until you can upgrade to a fixed version. Do not enable JavaScript in mail clients such as Thunderbird.
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=345071
https://bugzilla.mozilla.org/show_bug.cgi?id=348514
No script will ship with firefox-2.0 final, so this is already being dealt with. As soon as firefox-2.0 final is released, which is tomorrow, this will be resolved.
*** Bug 152623 has been marked as a duplicate of this bug. ***
Flaws described in the advisory text have really been fixed, apparently. It seems that the testcase triggers one more bug :/ https://bugzilla.mozilla.org/show_bug.cgi?id=323394
Clearly says fixed in Firefox 1.5.0.7 and higher from the advisory link you posted above and from the second link you posted. They don't even work for me on Firefox 2.0. Gonna give you the Slashdot advice... RTFA before commenting.
*** Bug 153737 has been marked as a duplicate of this bug. ***
*** Bug 153736 has been marked as a duplicate of this bug. ***
*** Bug 140020 has been marked as a duplicate of this bug. ***
*** Bug 136691 has been marked as a duplicate of this bug. ***
*** Bug 135052 has been marked as a duplicate of this bug. ***
Fixed via Anarchy.
Symptoms as described in Bug 153737 still there in last ebuild 2.0.0.1.
Please reopen that bug then. I can't reproduce it though.