Closed
Bug 883605
Opened 11 years ago
Closed 11 years ago
Mozilla firefox 21.0 use after free
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 664009
People
(Reporter: mr.k4rizma, Unassigned)
Details
Attachments
(1 file)
9.21 KB,
text/plain
|
Details |
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:21.0) Gecko/20100101 Firefox/21.0 (Beta/Release) Build ID: 20130511120803 Steps to reproduce: I created a test script in mozilla firefox Actual results: firefox get crashed and get a heap spray which is can be contoled yto exucute a code
Comment 1•11 years ago
|
||
This looks similar to bug 664009. The core of this seems to be reduceRight on an array.
Assignee: nobody → general
Component: Untriaged → JavaScript Engine
Product: Firefox → Core
Comment 2•11 years ago
|
||
This test case is pretty much identical to one you find when you google "firefox reduceRight exploit", in reference to CVE-2011-2371, so I'm going to assume this is a dupe...
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Updated•9 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•