Closed Bug 459230 Opened 17 years ago Closed 17 years ago

DOS in user interface event dispatcher in Mozilla Firefox <=3.0.3

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 454820

People

(Reporter: craig, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.17) Gecko/20081001 Firefox/2.0.0.17 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.17) Gecko/20081001 Firefox/2.0.0.17 CVE-2008-4324 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4324): The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected. Actually, Linux is also vulnerable. Reproducible: Always Steps to Reproduce: 1. go to http://www.secniche.org/moz303/index.html 2. click the link 3. see your browser crash Actual Results: It crashed. Expected Results: It should not crash. Sorry if this is a dup, but I did not find the bug in your bugzilla...
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.