Bug#345469: DOS/hang

Joey Hess Sat, 31 Dec 2005 11:33:13 -0800

Package: mozilla-firefox
Version: 1.0.7-1
Severity: normal
Tags: security

This web page, which was originally developed as a proof of concept for
a different security hole in MSIE, makes firefox spin, consuming cpu and
being completly unresponsive to user input until killed.


http://www.computerterrorism.com/research/ie/poc.htm#

This is CVE-2005-3896.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-rc5-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages mozilla-firefox depends on:
ii  debianutils              2.15.2          Miscellaneous utilities specific t
ii  fontconfig               2.3.2-1.1       generic font configuration library
ii  libatk1.0-0              1.10.3-1        The ATK accessibility toolkit
ii  libc6                    2.3.5-9         GNU C Library: Shared libraries an
ii  libfontconfig1           2.3.2-1.1       generic font configuration library
ii  libfreetype6             2.1.10-1        FreeType 2 font engine, shared lib
ii  libgcc1                  1:4.0.2-5       GCC support library
ii  libglib2.0-0             2.8.4-2         The GLib library of C routines
ii  libgtk2.0-0              2.8.9-2         The GTK+ graphical user interface 
ii  libidl0                  0.8.5-1         library for parsing CORBA IDL file
ii  libjpeg62                6b-11           The Independent JPEG Group's JPEG 
ii  libkrb53                 1.4.3-5         MIT Kerberos runtime libraries
ii  libpango1.0-0            1.10.1-2        Layout and rendering of internatio
ii  libpng12-0               1.2.8rel-5      PNG library - runtime
ii  libstdc++6               4.0.2-5         The GNU Standard C++ Library v3
ii  libx11-6                 6.8.2.dfsg.1-11 X Window System protocol client li
ii  libxext6                 6.8.2.dfsg.1-11 X Window System miscellaneous exte
ii  libxft2                  2.1.7-1         FreeType-based font drawing librar
ii  libxinerama1             6.8.2.dfsg.1-11 X Window System multi-head display
ii  libxp6                   6.8.2.dfsg.1-11 X Window System printing extension
ii  libxt6                   6.8.2.dfsg.1-11 X Toolkit Intrinsics
ii  psmisc                   21.8-1          Utilities that use the proc filesy
ii  xlibs                    6.8.2.dfsg.1-11 X Window System client libraries m
ii  zlib1g                   1:1.2.3-9       compression library - runtime

mozilla-firefox recommends no packages.

-- 
see shy jo

signature.asc
Description: Digital signature

Bug#345469: DOS/hang

Reply via email to