Vulnerability can be exploited by using a large value in a href tag to create an out-of-bounds memory access.

Proof Of Concept exploit: http://www.emanuele-gentili.com/~bathym/mozilla_die_happy.html

I don't know what this exploit is supposed to do (I assume crash the browser), but my FF just fires up my CPU and... that's it :) I can close the tab or click the Home button and everything goes back to normal.

Reproducible: Always

Steps to Reproduce:
Proof Of Concept exploit: http://www.emanuele-gentili.com/~bathym/mozilla_die_happy.html

Actual Results:
I don't know what this exploit is supposed to do (I assume crash the browser), but my FF just fires up my CPU and... that's it :) I can close the tab or click the Home button and everything goes back to normal.
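The report above describes a client-side denial of service triggered by an oversized href value. As an added example (not code from this bug thread, from Mozilla, or from the Gentoo security team), the following Python pre-filter shows how a content gateway or test harness could flag HTML whose attribute values are anomalously long before handing the page to a vulnerable client. The threshold MAX_ATTR_LEN and the two sample documents are constructed for illustration; the function names are hypothetical.

```python
"""Flag anomalously large attribute values in untrusted HTML.

Added example for the oversized-href issue discussed in the bug thread.
The threshold and sample documents are constructed, not taken from the
report or from any Mozilla code.
"""
from html.parser import HTMLParser

# Constructed threshold: legitimate href/src values rarely exceed a few
# thousand characters, so anything beyond this is worth a closer look.
MAX_ATTR_LEN = 8192


class OversizedAttrFinder(HTMLParser):
    """Collect (tag, attribute, length) for each attribute value longer than max_len."""

    def __init__(self, max_len):
        super().__init__()
        self.max_len = max_len
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser hands us a list of (name, value); value is None for
        # bare attributes such as <input disabled>.
        for name, value in attrs:
            if value is not None and len(value) > self.max_len:
                self.findings.append((tag, name, len(value)))


def find_oversized_attributes(html_text, max_len=MAX_ATTR_LEN):
    """Return a list of (tag, attribute, length) findings for html_text."""
    parser = OversizedAttrFinder(max_len)
    parser.feed(html_text)
    parser.close()
    return parser.findings


def should_block(html_text, max_len=MAX_ATTR_LEN):
    """Policy helper: True when at least one attribute exceeds the threshold."""
    return bool(find_oversized_attributes(html_text, max_len))


# Constructed sample documents: a normal link and one with a 100000-byte href.
BENIGN_HTML = '<html><body><a href="https://example.com/page">ok</a></body></html>'
SUSPECT_HTML = '<html><body><a href="' + 'A' * 100000 + '">x</a></body></html>'


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_HTML), ("suspect", SUSPECT_HTML)):
        print(label, find_oversized_attributes(doc), "block=%s" % should_block(doc))
```

The check is deliberately coarse: it does not decide whether a given value is exploitable, only that it is far outside normal size and should not reach a client known to mishandle it. Run it over a corpus of known-good pages first to pick a threshold that produces no false positives for your traffic.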
Here the GUI freezes and it opens an "Unresponsive script" message with buttons Continue and Stop, which do nothing when pressing them... and it duplicates; killed it after 7 boxes.
Upstream mailed, but there's currently no news from upstream as far as I can tell, and from the activity I'd guess it could take some time until this is fixed.
Original post: http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/062773.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2671

Nothing we can't do about it.
official mozilla bug: https://bugzilla.mozilla.org/show_bug.cgi?id=379390
Me, mozilla devel, and community are working for a patch, but I'd guess it could take some time until this is fixed (possibly in firefox 2.0.0.5).
Please don't play too much with Severity, or read http://www.gentoo.org/security/en/vulnerability-policy.xml#doc_chap3 with less coffee... Usually we (security people) don't handle client crashes, and making firefox crash is really easy, trust me. I would close it as Invalid.
(In reply to comment #6)
> Usually we (security pple) don't handle client crashes, and make firefox crash
> is really easy, trust me. I would close it as Invalid.

Do so?
(In reply to comment #7)
> (In reply to comment #6)
> > Usually we (security pple) don't handle client crashes, and make firefox crash
> > is really easy, trust me. I would close it as Invalid.
>
> Do so?

Hmm, I'll set it as enhancement for the moment. Speaking of enhancement, bugs with this severity are not our priority (sic), so don't bother too much with them; there are more urgent things.
Ready to vote, I vote NO.
upstream bug is still open
(In reply to comment #10)
> upstream bug is still open

This will be addressed by xul-2/ff-4. We are not that far away from making it production; as soon as it is ready it will be moved to tree.
(In reply to comment #11)
> (In reply to comment #10)
> > upstream bug is still open
>
> This will be addressed by xul-2/ff-4 We are not that far away from making it
> production, soon as it is ready will be moved to tree.

Bug is resolved with firefox-7.0. Removing mozilla team, re-add if needed.
This issue was resolved and addressed in GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml by GLSA coordinator Sean Amoss (ackle).