Multiple browsers race conditions updated since 18.08.2006
Published:		05.01.2007
Source:		BUGTRAQ
SecurityVulns ID:		6519
Type:		client
Level:		6/10
Description:		There are different race condition with threading synchronization on different concurrent events.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server
		NETSCAPE : Netscape 8.1
		MOZILLA : Firefox 1.5
		KMELEON : K-Meleon 1.0
		MICROSOFT : Windows Vista
CVE:		CVE-2007-0099 (Race condition in the msxml3 module in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger null pointer dereferences or memory corruption.)

Original document		Michal Zalewski, Concurrency strikes MSIE (potentially exploitable msxml3 flaws) (05.01.2007)
		Juha-Matti Laurio, Flock Concurrency-related Memory Corruption Vulnerability (21.08.2006)
		Juha-Matti Laurio, Netscape Concurrency-related Memory Corruption Vulnerability (21.08.2006)
		Juha-Matti Laurio, K-Meleon Concurrency-related Vulnerability (21.08.2006)
		Michal Zalewski, Re: Concurrency-related vulnerabilities in browsers - expect problems (18.08.2006)
		Michal Zalewski, Concurrency-related vulnerabilities in browsers - expect problems (18.08.2006)

Discuss:

Read or add your comments to this news (0 comments)