Closed Bug 504343 Opened 14 years ago Closed 14 years ago

Firefox 3.5 unicode stack overflow POC

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows Vista
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 504342

People

(Reporter: matafagafo, Unassigned)

References

(
URL
)

Details

(Whiteboard: [sg:dupe 504342]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)

I found this POC http://www.milw0rm.com/exploits/9158 of a "new" discovered Stack Overflow, as I can see if this bug is already filled (security  flag) I resolved to create a new one.


Reproducible: Always

Steps to Reproduce:
1.Run the code in showed in the POC
2.
3.
Actual Results:  
Crash

Expected Results:  
Not Crash

Link of the POC http://www.milw0rm.com/exploits/9158
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
One more comment, this is not the same POC that was available at 12 July this is a new one, made available today 14 July.
I hope this helps.
Thanks
This works even whit the javascript.options.jit.content set to false
Whiteboard: [sg:dupe 504342]
I just installed the 3.5.1 (bild1) from the beta channel, and tested against the exploit code, and the crash don't happened.
The exploit seems to be solved.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.