[VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems

From: Michal Zalewski (lcamtuf@private)
Date: Tue Aug 15 2006 - 12:41:48 PDT


Here's another separate issue that typically causes fault on memory access
to website-influenced memory access:

http://lcamtuf.coredump.cx/ffoxdie3.html

This is separate from the previously presented example (which, remarkably,
also had a tendency to trigger an unrelated call stack overflow due to XML
parsing glitch on some platforms, which caused some confusion - my bad).

Note that because it depends on timing more heavily, it may not work in
the first shot on all computers (though it should).

/mz



This archive was generated by hypermail 2.1.3 : Thu Aug 17 2006 - 11:02:07 PDT