The newest version of K-Meleon browser is affected to disclosed on Bugtraq recently.
When using test link http://lcamtuf.coredump.cx/ffoxdie3.html
browser crashed after a delay of some seconds. No user interaction was needed.
Affected versions:
Vulnerability has been confirmed in K-Meleon 1.0.1 in Windows 2000 SP4 fully patched.
Solution status:
No updated versions available from the vendor at the time of reporting.
Vendor status:
K-Meleon developers was contacted on 18th August 2006.
Credit:
This vulnerability was reported earlier in Firefox 1.5.0.6 by Michal Zalewski.
Juha-Matti Laurio confirmed this vulnerability in K-Meleon.
Timeline:
18-Aug-2006 - Vulnerability confirmed in K-Meleon
18-Aug-2006 - Vendor was contacted
18-Aug-2006 - Security companies and several CERT units contacted
Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/