DOS in user interface event dispatcher in Mozilla Firefox <=3.0.3

RESOLVED DUPLICATE of bug 454820

Status


defect
--
major
11 years ago
11 years ago

People

(Reporter: craig, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details


User-Agent:       Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.17) Gecko/20081001 Firefox/2.0.0.17
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.17) Gecko/20081001 Firefox/2.0.0.17

CVE-2008-4324 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4324):
  The user interface event dispatcher in Mozilla Firefox 3.0.3 on
  Windows XP SP2 allows remote attackers to cause a denial of service
  (NULL pointer dereference and application crash) via a series of
  keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup
  events.  NOTE: it was later reported that Firefox 3.0.2 on Mac OS X
  10.5 is also affected.

Actually, Linux is also vulnerable.

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.secniche.org/moz303/index.html
2. Click the link
3. See your browser crash

Actual Results:
It crashed.

Expected Results:  
It should not crash.

Sorry if this is a dup, but I did not find the bug in your Bugzilla...
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 454820