Related information

Multiple browsers race conditions

Concurrency strikes MSIE (potentially exploitable msxml3 flaws)

Flock Concurrency-related Memory Corruption Vulnerability

Netscape Concurrency-related Memory Corruption Vulnerability

K-Meleon Concurrency-related Vulnerability

From:	Michal Zalewski <lcamtuf_(at)_DIONE.IDS.PL>
Date:	18.08.2006
Subject:	Re: Concurrency-related vulnerabilities in browsers - expect problems

Here's another separate issue that typically causes fault on memory access
to website-influenced memory access:

http://lcamtuf.coredump.cx/ffoxdie3.html

This is separate from the previously presented example (which, remarkably,
also had a tendency to trigger an unrelated call stack overflow due to XML
parsing glitch on some platforms, which caused some confusion - my bad).

Note that because it depends on timing more heavily, it may not work in
the first shot on all computers (though it should).

/mz