FS#15505 - [firefox] Heap Spray Vulnerabilty

Attached to Project: Arch Linux
Opened by Roman Kyrylych (Romashka) - Tuesday, 14 July 2009, 14:30 GMT
Last edited by Jan de Groot (JGC) - Saturday, 18 July 2009, 13:24 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Jan de Groot (JGC)
Pierre Schmitz (Pierre)
Eric Belanger (Snowman)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

There is an exploit for Mozilla Firefox 3.5 heap spray vulnerability:
http://www.milw0rm.com/exploits/9137

From comments on some sites it looks like 3.0.11 is affected too.
It is also said that both DoS and arbitrary code execution is possible.
No patch to plug the hole is known to exist at this moment.
This task depends upon

Closed by  Jan de Groot (JGC)
Saturday, 18 July 2009, 13:24 GMT
Reason for closing:  Fixed
Additional comments about closing:  3.5.1-1 is in the repositories now.
Comment by Roman Kyrylych (Romashka) - Tuesday, 14 July 2009, 17:36 GMT
Lowering the severity of the issue because:
1) the exploit in the wild is suited for 32bit Windows (LOL, didn't noticed that)
2) though it does work on Linux system it does not lead to arbitrary code execution (because of reason above),
the usual effect is just a hang (up to one minute long) of loading the page with exploit

Still the vulnerability can be exploited to arbitrary code execution on Linux (requires writing a specific payload),
so it's better to apply a fix as soon as it arrives.
Comment by Eric Belanger (Snowman) - Tuesday, 14 July 2009, 19:03 GMT
just let us know when a patch will be availiable and we'll fix it ASAP.
I guess that patch will be reported here when it'll be done: http://secunia.com/advisories/35798/
Comment by Pierre Schmitz (Pierre) - Wednesday, 15 July 2009, 23:27 GMT
btw: x86_64 shouldn't be affected by this. There ist just no JIT on that platform.
Comment by Roman Kyrylych (Romashka) - Thursday, 16 July 2009, 07:22 GMT
No JIT? Wow, I guess that means JS in Gecko is slower on x86_64. O_o
Comment by xduugu (xduugu) - Thursday, 16 July 2009, 20:42 GMT
It's fixed in 3.5.1, which was released today.
Comment by Jan de Groot (JGC) - Thursday, 16 July 2009, 21:40 GMT
In case someone else will be updating firefox and xulrunner: make sure the installed directory stays /usr/lib/xulrunner-1.9.1 and /usr/lib/firefox-3.5. Don't let these things follow the version number.

Loading...