securityvulns - SECURITYVULNS:DOC:13952
Aug 21, 2006 - 12:00 a.m.

Flock Concurrency-related Memory Corruption Vulnerability


The newest version of the Flock browser is affected by the so-called concurrency-related XML handler memory corruption vulnerability disclosed on Bugtraq recently.
When visiting the test link http://lcamtuf.coredump.cx/ffoxdie3.html the browser crashed after a delay of some seconds. No user interaction was needed.

Affected versions:
The vulnerability has been confirmed in Flock 0.7.4.1 on fully patched Windows 2000 SP4.
UA string: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.0.5) Gecko/20060731 Firefox/1.5.0.5 Flock/0.7.4.1

Solution status:
No updated version available from the vendor at the time of reporting.

Vendor Homepage:
http://www.flock.com/

Credit:
This vulnerability was reported earlier in Firefox 1.5.0.6 by Michal Zalewski.
Juha-Matti Laurio confirmed this vulnerability in Flock.

This message provides some additional information to the previous message related to the K-Meleon browser.

Timeline:
18-Aug-2006 - Vulnerability confirmed in Flock
19-Aug-2006 - Security companies and several CERT units contacted

Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/