Computer Security

Security Advisory: K-Meleon Concurrency-related Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Multiple browsers race conditions

  Concurrency strikes MSIE (potentially exploitable msxml3 flaws)

  Flock Concurrency-related Memory Corruption Vulnerability

  Netscape Concurrency-related Memory Corruption Vulnerability

  Re: Concurrency-related vulnerabilities in browsers - expect problems

From:Juha-Matti Laurio <juha-matti.laurio_(at)_netti.fi>
Date:21.08.2006
Subject:K-Meleon Concurrency-related Vulnerability

The newest version of K-Meleon browser is affected to disclosed on Bugtraq recently.
When using test link http://lcamtuf.coredump.cx/ffoxdie3.html
browser crashed after a delay of some seconds. No user interaction was needed.

Affected versions:
Vulnerability has been confirmed in K-Meleon 1.0.1 in Windows 2000 SP4 fully patched.

Solution status:
No updated versions available from the vendor at the time of reporting.

Vendor status:
K-Meleon developers was contacted on 18th August 2006.

Credit:
This vulnerability was reported earlier in Firefox 1.5.0.6 by Michal Zalewski.
Juha-Matti Laurio confirmed this vulnerability in K-Meleon.

Timeline:
18-Aug-2006 - Vulnerability confirmed in K-Meleon
18-Aug-2006 - Vendor was contacted
18-Aug-2006 - Security companies and several CERT units contacted


Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server