full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] Firefox 3.0.5 remote vulne

[Full-disclosure] Firefox 3.0.5 remote vulnerability via queryCommandState

From: carl hardwick <hardwick.carl_at_nospam>
Date: Wed Jan 07 2009 - 15:53:59 GMT
To: Full-Disclosure@lists.grok.org.uk

An unpatched security flaw has been discovered in the latest version of Firefox 3.0.5 which allows a remote attacker to crash the browser with a special crafted HTML page using a queryCommandState:

PoC: http://groups.google.it/group/carl-hardwick/web/Firefox305RemoteDoS.htm

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/