One bug to rule them all Firefox, IE, Safari, Opera, Chrome, Seamonkey

2009.07.26
Risk: High
Local: No
Remote: Yes
CWE: CWE-399


CVSS Base Score: 7.1/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

________________________________________________________________________ One bug to rule them all IE5,IE6,IE7,IE8,Netscape,Firefox,Safari,Opera,Konqueror, Seamonkey,Wii,PS3,iPhone,iPod,Nokia,Siemens.... and more. ________________________________________________________________________ Update/Changes : ---------------- Backround : ~~~~~~~~~~~ + I failed to include details about the nature of the bug (DOM), the root cause is a DOM flaw and not a Javascript flaw as the Backround info might have lead to think. Thanks James Schend for the heads up. + The bug was present in a 9 year old version of Netscape - draw your own conclusions. Patch availability : ~~~~~~~~~~~~~~~~~~~~ + Seamonkey 1.1.17 and SeaMonkey 2 (soon to be Beta) have been patched Affected Products : ~~~~~~~~~~~~~~~~~~~~ + Blackberry 8800/probably all (null ptr exception, browser crash) Thanks to "528-0444" for the Report. + Google G1 latest (Firmware 1.5, Kernel: 2.6.27-00393-g6607056, Build: CRB43) (Browser crash) Thanks Scott Fraser for the Report.

References:

http://lists.grok.org.uk/pipermail/full-disclosure/2009-July/069772.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top