[Bug 489411] New: Firefox exploitable crash in xMozillaXSLTProcessor::TransformToDoc
https://bugzilla.novell.com/show_bug.cgi?id=489411

Summary: Firefox exploitable crash in xMozillaXSLTProcessor::TransformToDoc
Classification: openSUSE
Product: openSUSE 11.1
Version: Final
Platform: All
OS/Version: openSUSE 11.1
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Firefox
AssignedTo: bnc-team-mozilla@forge.provo.novell.com
ReportedBy: Andreas.Stieger@gmx.de
QAContact: qa@suse.de
Found By: ---

Created an attachment (id=282338)
 --> (https://bugzilla.novell.com/attachment.cgi?id=282338)
POC exploit code, crashes Firefox

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.7) Gecko/2009022800 SUSE/3.0.7-1.1.6 Firefox/3.0.7

Firefox 3...3.0.7 contains an exploitable crash in the XSLT processor. This was fixed upstream and is due for the 3.0.8 high-priority release after their internal tests.

https://bugzilla.mozilla.org/show_bug.cgi?id=485217
https://wiki.mozilla.org/Releases/Firefox_3.0.8

POC exploit: http://milw0rm.com/exploits/8285

With exploit code published the upstream patch should be integrated ASAP for a timely release of update packages for openSUSE.

Reproducible: Always

Steps to Reproduce:
1. wget http://milw0rm.com/sploits/2009-ffox-poc.tar.gz
2. tar -xf 2009-ffox-poc.tar.gz
3. firefox xmlcrash.html

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=489411

User Andreas.Stieger@gmx.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=489411#c1

--- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> 2009-03-26 10:39:15 MST ---
Created an attachment (id=282340)
 --> (https://bugzilla.novell.com/attachment.cgi?id=282340)
upstream patch

upstream patch from https://bugzilla.mozilla.org/show_bug.cgi?id=485217
https://bug485217.bugzilla.mozilla.org/attachment.cgi?id=369321

https://bugzilla.novell.com/show_bug.cgi?id=489411

User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=489411#c2

Marcus Meissner <meissner@novell.com> changed:

What: CC
  Removed: (none)
  Added:   security-team@suse.de, wolfgang@rosenauer.org

What: Summary
  Removed: Firefox exploitable crash in xMozillaXSLTProcessor::TransformToDoc
  Added:   VUL-0: Firefox exploitable crash in xMozillaXSLTProcessor::TransformToDoc

--- Comment #2 from Marcus Meissner <meissner@novell.com> 2009-03-27 03:57:18 MST ---
thanks for the report. we are aware of the upcoming 3.0.8 release already.

https://bugzilla.novell.com/show_bug.cgi?id=489411

User Andreas.Stieger@gmx.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=489411#c3

--- Comment #3 from Andreas Stieger <Andreas.Stieger@gmx.de> 2009-03-27 07:01:20 MST ---
I branched the mozilla-xulrunner190 package from openSUSE:11.1:Update, added the upstream patch and verified that it renders the exploit ineffective.

https://build.opensuse.org/package/show?package=mozilla-xulrunner190&project=home%3AAndreasStieger%3Abranches%3AopenSUSE%3A11.1%3AUpdate
https://build.opensuse.org/package/view_file?file=project.diff&package=mozilla-xulrunner190&project=home%3AAndreasStieger%3Abranches%3AopenSUSE%3A11.1%3AUpdate
http://download.opensuse.org/repositories/home:/AndreasStieger:/branches:/op...

https://bugzilla.novell.com/show_bug.cgi?id=489411

User wolfgang@rosenauer.org added comment
https://bugzilla.novell.com/show_bug.cgi?id=489411#c4

--- Comment #4 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2009-03-27 07:30:34 MST ---
Thanks for the additional testing. The 3.0.8 release is scheduled for next week. As it not only contains this issue it has to wait for the upstream release anyway.