Computer Security

Security Advisory: Flock Concurrency-related Memory Corruption Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Multiple browsers race conditions

  Concurrency strikes MSIE (potentially exploitable msxml3 flaws)

  Netscape Concurrency-related Memory Corruption Vulnerability

  K-Meleon Concurrency-related Vulnerability

  Re: Concurrency-related vulnerabilities in browsers - expect problems

From:Juha-Matti Laurio <juha-matti.laurio_(at)_netti.fi>
Date:21.08.2006
Subject:Flock Concurrency-related Memory Corruption Vulnerability

The newest version of Flock browser is affected to so-called concurrency-related XML handler memory corruption vulnerability disclosed on Bugtraq recently.
When visiting the test link http://lcamtuf.coredump.cx/ffoxdie3.html
browser crashed after a delay of some seconds. No user interaction was needed.

Affected versions:
Vulnerability has been confirmed in Flock 0.7.4.1 in Windows 2000 SP4 fully patched.
UA string: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.5) Gecko/20060731 Firefox/1.5.0.5 Flock/0.7.4.1

Solution status:
No updated version available from the vendor at the time of reporting.

Vendor Homepage:
http://www.flock.com/

Credit:
This vulnerability was reported earlier in Firefox 1.5.0.6 by Michal Zalewski.
Juha-Matti Laurio confirmed this vulnerability in Flock.

This message provides some additional information to previous message related to K-Meleon browser.

Timeline:
18-Aug-2006 - Vulnerability confirmed in Flock
19-Aug-2006 - Security companies and several CERT units contacted


Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server