Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 180159 (CVE-2007-2671) - <www-client/firefox-7.0.1 Out-of-bounds memory access via specialy crafted html file (CVE-2007-2671)
Summary: <www-client/firefox-7.0.1 Out-of-bounds memory access via specialy crafted ht...
Status: RESOLVED FIXED
Alias: CVE-2007-2671
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Gentoo Security
URL: http://lists.grok.org.uk/pipermail/fu...
Whiteboard: B4 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-05-28 23:00 UTC by Emanuele Gentili
Modified: 2013-01-08 01:02 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Emanuele Gentili 2007-05-28 23:00:28 UTC
Vulnerability can be exploited by using a large value in a href tag to create an out-of-bounds memory access.
 
Proof Of Concept exploit:
http://www.emanuele-gentili.com/~bathym/mozilla_die_happy.html


I don't know what this exploit is supposed to do (I assume crash the browser),
but my FF just fires up my CPU and... that's it :) I can close the tab or
click the Home button and everything goes back to normal.


Reproducible: Always

Steps to Reproduce:
Proof Of Concept exploit:
http://www.emanuele-gentili.com/~bathym/mozilla_die_happy.html
Actual Results:  
I don't know what this exploit is supposed to do (I assume crash the browser),
but my FF just fires up my CPU and... that's it :) I can close the tab or
click the Home button and everything goes back to normal.
Comment 1 Samuli Suominen gentoo-dev 2007-05-28 23:26:55 UTC
Here GUI freezes and it opens "Unresponsive script" message with buttons Continue and Stop which do nothing when pressing them.. and it duplicates, killed it after 7 boxes.
Comment 2 Emanuele Gentili 2007-05-29 09:34:43 UTC
Upstream mailed. but, there's currently no news from upstream as far as I can tell and from the activity I'd guess it could take some time until this is fixed.

Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2007-05-29 11:31:14 UTC
Original post:

http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/062773.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2671

Nothing we can't do about it.
Comment 4 Emanuele Gentili 2007-05-29 22:31:12 UTC
official mozilla bug: https://bugzilla.mozilla.org/show_bug.cgi?id=379390
Comment 5 Emanuele Gentili 2007-06-05 00:28:46 UTC
me, mozilla devel, and comunity working for patch but I'd guess it could take some time until this is fixed (possible in firefox 2.0.0.5).

Comment 6 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-06-29 15:44:39 UTC
please don't play too much with Severity or read http://www.gentoo.org/security/en/vulnerability-policy.xml#doc_chap3 with less coffee...

Usually we (security pple) don't handle client crashes, and make firefox crash is really easy, trust me. I would close it as Invalid.
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-08 22:56:18 UTC
(In reply to comment #6)
> Usually we (security pple) don't handle client crashes, and make firefox crash
> is really easy, trust me. I would close it as Invalid.

 Do so?
Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-09-08 23:17:23 UTC
Hmm(In reply to comment #7)
> (In reply to comment #6)
> > Usually we (security pple) don't handle client crashes, and make firefox crash
> > is really easy, trust me. I would close it as Invalid.
> 
>  Do so?
> 

Hmm I'll set it as enhancement for the moment. speaking of enhancement, bugs with this severity are not our priority (sic), so don't bother too much with them, there's more urgent things. 
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2009-03-05 23:49:24 UTC
Ready to vote, I vote NO.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2009-04-04 14:16:29 UTC
upstream bug is still open
Comment 11 Jory A. Pratt gentoo-dev 2010-10-14 12:14:01 UTC
(In reply to comment #10)
> upstream bug is still open
> 

This will be addressed by xul-2/ff-4 We are not that far away from making it production, soon as it is ready will be moved to tree.
Comment 12 Jory A. Pratt gentoo-dev 2011-10-31 21:38:40 UTC
(In reply to comment #11)
> (In reply to comment #10)
> > upstream bug is still open
> > 
> 
> This will be addressed by xul-2/ff-4 We are not that far away from making it
> production, soon as it is ready will be moved to tree.

bug is resolved with firefox-7.0 removing mozilla team, readd if needed.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2013-01-08 01:02:40 UTC
This issue was resolved and addressed in
 GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).