Closed Bug 598669 (CVE-2010-3183) Opened 9 years ago Closed 9 years ago
Getter Or Setter Remote Code Execution Vulnerability (ZDI-CAN-929)
Fixed by bug 509075 I believe. Deferring to mrbkap and jorendorff for final confirmation.
We should not assume this is "it". There's never only one cockroach. bhackett says sixgill can find any more statically -- cc'ing him to confirm based on details. /be
Would be cool to write a static analysis that can find the bug in the old code and then see what else it flags. I like it.
I should have reports from sixgill on read overflows of 64-bit quantities (to catch both jsval and js::Value) tomorrow or Friday. The tool is (nearly) sound so will definitely find this bug, the challenge is getting it to reliably identify correct handlers. Will probably need a little iteration to get the right annotations where fast natives are called.
Again, this is already fixed. We should DUP, not block on this one.
This testcase doesn't appear to crash 188.8.131.52pre (on mac anyway). I just repeatedly get the slow-script dialog.
(In reply to comment #5)
> Again, this is already fixed. We should DUP, not block on this one.

It's got a separate testcase, that appears to have different behavior at least on 1.9.1.x. "Depends on" is better so we don't forget to verify both testcases after the fix.
Assignee: gal → mrbkap
Depends on: 509075
Whiteboard: [sg:critical] → [sg:critical] fixed on trunk by 509075
Do we need this fix on the 1.9.1 branch too?
bug 509075 has been checked in, let's verify that was the fix in an upcoming nightly build.
Can this be marked FIXED since it's fixed on trunk then?
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Bug 509075 is now public, so I guess this can be public now too.