this exploit still works with the latest Firefox 2.0 RC3

Tue, 17 2006, Mike (AT) gmail (DOT) com wrote:

this exploit still works with the latest Firefox 2.0 RC3

also caused FFox 1.5.0.7 on S X i386 to die.

jose nazario, ph.d. jose (AT) monkey (DOT) org
http://monkey.org/~jose/ http://monkey.org/~jose/secnews.html
http://www.wormblog.com/

10/17/06 at about 5am EST, Mike wrote:
this exploit still works with the latest Firefox 2.0 RC3
Later that day, Jose Nazario wrote:
also caused FFox 1.5.0.7 on S X i386 to die.
Also Firefox 1.5.0.7 on Windows XP Pro SP2 (English).
-Eliah

Firefox 1.5.07 on CS died quite nicely too.
Mike (AT) gmail (DOT) com wrote:
this exploit still works with the latest Firefox 2.0 RC3
>
>
>

Tuesday, 17, 2006 18:05:22 -0400 Eliah Kagan
<degeneracypressure (AT) gmail (DOT) comwrote:

10/17/06 at about 5am EST, Mike wrote:
>
>this exploit still works with the latest Firefox 2.0 RC3
>
Later that day, Jose Nazario wrote:
>also caused FFox 1.5.0.7 on S X i386 to die.
>
Also Firefox 1.5.0.7 on Windows XP Pro SP2 (English).

And Firefox 1.5.0.7 on FreeBSD 6.0 RELEASE.

Paul Schmehl (pauls (AT) utdallas (DOT) edu)
Adjunct Information Security
The University of Texas at Dallas

Eliah Kagan wrote:
10/17/06 at about 5am EST, Mike wrote:
>
>this exploit still works with the latest Firefox 2.0 RC3

Later that day, Jose Nazario wrote:
>also caused FFox 1.5.0.7 on S X i386 to die.

Also Firefox 1.5.0.7 on Windows XP Pro SP2 (English).
-Eliah

Also Firefox 1.5.0.7 and SeaMonkey 1.0.5 on x86_64.

Message
From: Mike (AT) gmail (DOT) com [mailto:Mike (AT) gmail (DOT) com]
Sent: Tuesday, 17, 2006 2:10 AM
To: bugtraq (AT) securityfocus (DOT) com
Subject: Flaw in Firefox 2.0 RC2

this exploit still works with the latest Firefox 2.0 RC3

Hmmm after a quickie check of the website IE 7.0.5600.16384 i386 on
Windows Vista x64 also went down. The x64 build of IE 7 pegged the CPU
at 100% while the i386 build of IE 7 only hit the machine lightly.
both browser windows appeared to cause a memory leak as the
system required a restart to bring memory usage down to normal levels
again.

Sean

It is also affecting any browser using the Gecko rendering engine
(gecko-1.8 at least), such as Epiphany and Galeon, and not restricted to
'Firefox'.
-m

Wed, 2006-10-18 at 10:28 +1000, jm wrote:
Firefox 1.5.07 on CS died quite nicely too.

Mike (AT) gmail (DOT) com wrote:

this exploit still works with the latest Firefox 2.0 RC3
--

PGP SIGNATURE
Version: GnuPG v1.4.3 (GNU/Linux)

9ZIsx0TSZxTkZBizbiWzlZ0=
=S4cj
PGP SIGNATURE