|
|
| |
| A vulnerability in Netscape browser allows remote attackers to corrupt the memory of the browser by sending it malformed HTML content. |
| |
Credit:
The information has been provided by Juha-Matti Laurio.
|
| |
Vulnerable Systems:
* Netscape Browser version 8.1 in Windows 2000 SP4 fully patched
Immune Systems:
* Firefox version 1.5.0.6
When visiting the test link http://lcamtuf.coredump.cx/ffoxdie.html (included to the original vulnerability report related to Firefox) browser crashed immediately generating Application Error. No user interaction was needed.
Solution status:
No updated version available from the vendor at the time of reporting.
Workarounds:
The following working workaround has been tested: Disable JavaScript support from Tools / Options... / Site Controls.
Timeline:
18-Aug-2006 - Vulnerability confirmed in Netscape
19-Aug-2006 - Vendor was contacted
19-Aug-2006 - Security companies and several CERT units contacted
|
| Subject:
|
Firefox 1.5.0.6 is vulnerable |
Date: |
24 Aug. 2006 |
| From: |
mattiegmail.com |
Why the title of this advisory says "e;Netscape"e; and not Mozilla?
All Mozilla products are vulnerable to this issue:
Vulnerable: Netscape Browser 8.1
Mozilla Firefox 1.5 beta 2
Mozilla Firefox 1.5 beta 1
Mozilla Firefox 1.5 .6
Mozilla Firefox 1.5 .5
Mozilla Firefox 1.0.8
http://www.securityfocus.com/bid/19488
http://www.securityfocus.com/bid/19534 |
|
| Subject:
|
To clarify |
Date: |
15 Sep. 2006 |
| From: |
Juha-Matti Laurio |
| Yes, Mozilla Firefox is affected too. The recent title has been used because I have confirmed and reported this vulnerability in Netscape. Additionally, the description text is referring to 'vulnerability report related to Firefox'. |
|
|
|
|
