Comment 1 Thierry Carrez (RETIRED) 2004-10-24 07:45:14 UTC

These crashes are probably not exploitable, but better safe than sorry, we'll track them here.

Comment 2 Thierry Carrez (RETIRED) 2004-11-03 02:39:08 UTC

Mozilla bug: https://bugzilla.mozilla.org/show_bug.cgi?id=264944

Comment 3 Thierry Carrez (RETIRED) 2004-11-23 07:58:13 UTC

Firefox is fixed in version 1.0, according to http://www.squarefree.com/burningedge/releases/1.0.html

Comment 4 Thierry Carrez (RETIRED) 2004-11-24 08:24:22 UTC

Links is fixed in 1.00pre12, according to http://artax.karlin.mff.cuni.cz/~mikulas/links/download/ChangeLog :

	Fixed bugs discovered with mangleme:
	http://lcamtuf.coredump.cx/mangleme/mangle2.cgi
	memory leak with nested <select multiple name=n> tags
	integer overflow in frame widths causes an internal error
	internal error with base url only containing //
	fixed incorrect generating of title (does not cause crash, but excessive
		memory allocation)

Comment 5 Thierry Carrez (RETIRED) 2004-11-24 08:28:46 UTC

Lynx doesn't look fixed as of 2004-11-07 (2.8.6dev.8)
see http://lynx.isc.org/current/CHANGES

Comment 6 Thierry Carrez (RETIRED) 2004-11-24 08:43:48 UTC

Opera doesn't look fixed as of 7.60 Preview 3 Build 862 (November 15, 2004)
See http://snapshot.opera.com/unix/

>------- Additional Comment #5 From Koon 2004-11-24 08:28 PST ------- 
>
>Lynx doesn't look fixed as of 2004-11-07 (2.8.6dev.8)
>see http://lynx.isc.org/current/CHANGES
* limit TEXTAREA columns to the screen width, and rows to 3 times the screen
  height (report by FLWM) -TD

Comment 8 Thierry Carrez (RETIRED) 2005-02-18 02:57:38 UTC

These are bugs rather than security issues, and most browsers fixed them. Closing, please reopen if you disagree (like, if you think/prove those crashes are exploitable).