Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Multiple browsers race conditions
updated since 18.08.2006
Published: 05.01.2007
Source: BUGTRAQ
SecurityVulns ID: 6519
Type: client
Level: 6/10
Description: There are different race condition with threading synchronization on different concurrent events.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server
NETSCAPE : Netscape 8.1
MOZILLA : Firefox 1.5
KMELEON : K-Meleon 1.0
MICROSOFT : Windows Vista
CVE: CVE-2007-0099 (Race condition in the msxml3 module in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger null pointer dereferences or memory corruption.)

Original document Michal Zalewski, Concurrency strikes MSIE (potentially exploitable msxml3 flaws) (05.01.2007)

Juha-Matti Laurio, Flock Concurrency-related Memory Corruption Vulnerability (21.08.2006)

Juha-Matti Laurio, Netscape Concurrency-related Memory Corruption Vulnerability (21.08.2006)

document Juha-Matti Laurio, K-Meleon Concurrency-related Vulnerability (21.08.2006)

Michal Zalewski, Re: Concurrency-related vulnerabilities in browsers - expect problems (18.08.2006)

Michal Zalewski, Concurrency-related vulnerabilities in browsers - expect problems (18.08.2006)

Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod