• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Firefox OnUnload Memory Corruption Vulnerability

References:

• 1.5.1 Release Notes (Camino)
  
• Bug 371321 â?? memory corruption when onUnload is mixed with document.write()s (Mozilla - Bugzilla)
  
• Mozilla Foundation Security Advisory 2007-08 (Mozilla)
  
• Firefox onUnload + document.write() memory corruption vulnerability (Michal Zalewski )
  
• Secunia Research: Internet Explorer 7 'onunload' Event Spoofing Vulnerability (Secunia Research)
  
• HPSBUX02153 SSRT061181 rev.5 - HP-UX Running Firefox, Remote Unauthorized Access (HP)
  
• RHSA-2007:0077-6 - seamonkey security update (Red Hat)
  
• RHSA-2007:0078-2 - Thunderbird security update (Red Hat)
  
• Secunia Research: Internet Explorer 7 "onunload" Event Spoofing Vulner (Secunia Research)
  
• Vulnerability Note VU#393921 - Mozilla Firefox fails to properly handle JavaScri (US-CERT)