iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and,MozillaBrowser Out Of Memory Heap Corruptio

Discussion in 'Computer Security' started by winged, Mar 2, 2005.

  1. winged

    winged Guest

    FIX: UPGRADE FIREFOX 1.01 posted at firefox site.

    http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities&flashstatus=false

    The article indicates there are no currently know work arounds.

    Thought folks here would find this interesting.

    CAN-2005-0255

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255

    Mozilla indicates the likelihood of a working exploit is minimal:

    http://www.mozilla.org/security/announce/mfsa2005-18.html

    Mozilla indicates version 1.01 is not vulnerable.

    I thought folks might be interested. I would upgrade, while I
    understand the complexity of the exploit (ie injecting code at the fail
    point when memory heap is exhausted) a failed attempt would crash the
    browser. I would prefer my browser, or anything else, don't crash. I
    wouldn't be surprised to see the bad guys crash the browser just to be
    rude to those refusing their play toys.

    Winged
     
    winged, Mar 2, 2005
    #1
    1. Advertisements

  2. winged

    winged Guest

    Was doing some research on the individual (Daniel de Wildt) who surfaced
    this exploit and saw he had identified several others. (Just checking to
    see if he was related to Microsoft, would have made a nice conspiracy
    theory), but alas he has surfaced several MS exploits too. Someone get
    this guy a passport and a job, he would be useful! He is involved in
    much more than researching exploits, a true nerd. Of course it sounds
    like he has a very full plate. An interesting person. Great google
    excursion.

    Winged
     
    winged, Mar 2, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.