BugTraq
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Oct 31 2006 09:56PM
Daniel Veditz (dveditz cruzio com)
xxxx (at) gmail (dot) com wrote:
> When you have a NULL pointer dereference, code execution is also possible, so you can't exclude it at all.
> For example in this old flaw:
> http://securitytracker.com/alerts/2006/Apr/1016001.html

In that example there was a way to influence the crash so that it was not null.
The Metasploit blog previously reported on a way to use a null dereference crash
to trigger a vulnerability in the Windows SEH to run code (since fixed, and not
exploitable via Firefox as far as anyone can tell).

Neither of those conditions applies here; it's just a null dereference. In a debug
build you get:

###!!! ASSERTION: Parsing didn't create a parser context?: 'mParserContext',
file c:/dev/ff2/mozilla/parser/htmlparser/src/nsParser.cpp, line 1882

This bug appears to have been fixed in the code that will become Firefox 3. This
crash is being tracked at https://bugzilla.mozilla.org/show_bug.cgi?id=358797
