https://bugzilla.novell.com/show_bug.cgi?id=489411 Summary: Firefox exploitable crash in xMozillaXSLTProcessor::TransformToDoc Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: All OS/Version: openSUSE 11.1 Status: NEW Severity: Critical Priority: P5 - None Component: Firefox AssignedTo: bnc-team-mozilla@forge.provo.novell.com ReportedBy: Andreas.Stieger@gmx.de QAContact: qa@suse.de Found By: --- Created an attachment (id=282338) --> (https://bugzilla.novell.com/attachment.cgi?id=282338) POC exploit code, crashes Firefox User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.7) Gecko/2009022800 SUSE/3.0.7-1.1.6 Firefox/3.0.7 Firefox 3...3.0.7 contains a exploitable crash in the XSLT processor. This was fixed upstream and is due for the 3.0.8 high-priority release after their internal tests. https://bugzilla.mozilla.org/show_bug.cgi?id=485217 https://wiki.mozilla.org/Releases/Firefox_3.0.8 POC exploit: http://milw0rm.com/exploits/8285 With exploit code published the upstream patch should be integrated ASAP for a timely release of updates packages for openSUSE. Reproducible: Always Steps to Reproduce: 1. wget http://milw0rm.com/sploits/2009-ffox-poc.tar.gz 2. tar -xf 2009-ffox-poc.tar.gz 3. firefox xmlcrash.html -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.