Summary: | www-client/mozilla-firefox<=3.? Buffer Overflow (CVE-2008-2786) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | glua |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://xforce.iss.net/xforce/xfdb/43317 | ||
Whiteboard: | ~1 [upstream] | ||
Package list: | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
2008-11-07 21:03:20 UTC
It seems there is no public information available, I just opened this issue for tracking purposes. That exploit published today could be related http://www.milw0rm.com/exploits/7554 It might still be 0day as the source for this was a "uh look I have an exploit for firefox 3 and this is the hash"-post on http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062832.html we should probably contact upstream to sort this out. Mozilla has nothing to do here. Upstream's bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=402735 The crash was caused due to a 3rd party extension (Download accelerator plus) and so it is invalid. |