http://bugzilla.novell.com/show_bug.cgi?id=568011 http://bugzilla.novell.com/show_bug.cgi?id=568011#c9 Marcus Meissner <meissner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |security-team@suse.de Info Provider|ast@novell.com | Summary|Mozilla Firefox 3.5.7 / |VUL-0: Mozilla Firefox |3.0.17 |3.5.7 / 3.0.17 --- Comment #9 from Marcus Meissner <meissner@novell.com> 2010-01-08 09:58:36 UTC --- Name: CVE-2010-0220 The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Reference: CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=507114 Reference: CONFIRM: http://www.mozilla.com/en-US/firefox/3.5.7/releasenotes/ Reference: MISC: http://isc.sans.org/diary.html?storyid=7897 Reference: CONFIRM: http://hg.mozilla.org/mozilla-central/rev/51396f6c9f20 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.