Bugtraq mailing list archives

Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error

From: dveditz () cruzio com
Date: Tue, 1 Mar 2005 08:17:05 GMT

Quoting iDEFENSE Labs <labs-no-reply () idefense com>:

iDEFENSE Labs have confirmed The Mozilla Organization's Mozilla 1.7.1 
and 1.7.3, as well as Firefox 0.10.1 are vulnerable to this
issue. A check on the source code for Firefox 1.0 suggests it is also
vulnerable. It is suspected that all previous versions of both browsers
are vulnerable.


Don't you mean 1.0.1 and not "0.10.1" as the vulnerable version of Firefox?


No, they meant 0.10.1, the Firefox Preview Release from last fall. Firefox 1.0.1
contains a fix (as will Mozilla 1.7.6) and has just been released.

-Dan Veditz
Mozilla Security
Group

Current thread:

iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error iDEFENSE Labs (Feb 28)
- Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error Miles Beck (Feb 28)
- <Possible follow-ups>
- Re: iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error dveditz (Mar 01)