Firefox 3.5 unicode stack overflow POC

VERIFIED DUPLICATE of bug 504342

Status


Firefox
General
--
critical
9 years ago
9 years ago

People

(Reporter: Fernando Hartmann, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:dupe 504342], URL)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)

I found this POC http://www.milw0rm.com/exploits/9158 of a "new" discovered Stack Overflow, as I can see if this bug is already filed (security flag) I resolved to create a new one.


Reproducible: Always

Steps to Reproduce:
1. Run the code shown in the POC
Actual Results:  
Crash

Expected Results:  
Not Crash

Link of the POC http://www.milw0rm.com/exploits/9158
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 504342
(Reporter)

Comment 2

9 years ago
One more comment: this is not the same POC that was available on 12 July; this is a new one, made available today, 14 July.
I hope this helps.
Thanks
(Reporter)

Comment 3

9 years ago
This works even with the javascript.options.jit.content set to false
Whiteboard: [sg:dupe 504342]
Group: core-security
(Reporter)

Comment 4

9 years ago
I just installed the 3.5.1 (build1) from the beta channel, and tested against the exploit code, and the crash didn't happen.
The exploit seems to be solved.

Updated

9 years ago
Status: RESOLVED → VERIFIED