Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14519
HistoryOct 02, 2006 - 12:00 a.m.

[Full-disclosure] 0day in Firefox from ToorCon '06

2006-10-0200:00:00
vulners.com
17
JSON

CNet is writing about some 0day vulnerabilities in Firefox that were
demonstrated at ToorCon '06 by Mischa Spiegelmock and Andrew Wbeelsoi:

http://news.zdnet.com/2100-1009_22-6121608.html

Mischa and Andrew also claim to have found about 30 0day vulnerabilities
in Firefox. The article mention that the vulnerabilities from the
presentation are specific to Firefox's implementation of Javascript and
hints that they are stack overflows. On the other hand, the recent
security-related Mozilla commits following the presentation deal with
improper validation of scope chain lookups in jsxml.c, jsinterp.c and
jsiter.c, which could allow injecting content into the Chrome context.
We'll probably see a security release of Firefox in the next week, but
in the mean time I have put a couple of links to the code diff's that
fix these vulnerabilities at

http://blogs.securiteam.com/index.php/archives/657


Thor Larholm

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON