Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 17 Apr 2008 17:29:01 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Hanno Böck <hanno@...eck.de>
cc: oss-security@...ts.openwall.com,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: firefox 2.0.14 ( Crash in JavaScript
 garbage collector)


On Thu, 17 Apr 2008, Hanno [utf-8] Böck wrote:

> Ok, then please include this one:
> http://www.securityfocus.com/bid/27243
> http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html
> http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities

See below.

Do you have a specific Firefox/Gentoo/Debian version?

- Steve


======================================================
Name: CVE-2007-6715
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6715
Reference: MISC:http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html
Reference: MISC:http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
Reference: MISC:http://sam.zoy.org/zzuf/
Reference: BID:27243
Reference: URL:http://www.securityfocus.com/bid/27243

Mozilla Firefox allows remote attackers to cause a denial of service
(crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif
test case.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ