Firefox 3.5 unicode stack overflow POC

VERIFIED DUPLICATE of bug 504342

Status

critical

People

(Reporter: matafagafo, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dupe 504342], URL)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)

I found this POC http://www.milw0rm.com/exploits/9158 of a "new" discovered stack overflow. As I can see if this bug is already filed (security flag), I resolved to create a new one.


Reproducible: Always

Steps to Reproduce:
1. Run the code shown in the POC
Actual Results:  
Crash

Expected Results:  
Not Crash

Link to the POC: http://www.milw0rm.com/exploits/9158
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 504342
(Reporter)

Comment 2

10 years ago
One more comment: this is not the same POC that was available on 12 July; this is a new one, made available today, 14 July.
I hope this helps.
Thanks
(Reporter)

Comment 3

10 years ago
This works even with javascript.options.jit.content set to false.
Whiteboard: [sg:dupe 504342]
Group: core-security
(Reporter)

Comment 4

10 years ago
I just installed 3.5.1 (build1) from the beta channel and tested it against the exploit code, and the crash didn't happen.
The exploit seems to be solved.

Updated

10 years ago
Status: RESOLVED → VERIFIED