He has posted a demo that triggers a crash in Firefox, which he attributes to corrupted pointers. It also caused a crash when I visited it in IE, FWIW.
"Firefox is susceptible to a seemingly pretty nasty, and apparently easily exploitable memory corruption vulnerability," he writes. "When a location transition occurs and the structure of a document is modified from within onUnload event handler, freed DOM-related memory structures are left in inconsistent state, possibly leading to a remote compromise."
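The ordering problem the quoted report describes (the browser tears down a document's DOM structures, then an onUnload handler runs and mutates the now-freed tree) is a classic use-after-free pattern. The C below is an added illustration of that pattern; it is not the researcher's demo and not Firefox code, and every name in it (Document, Node, navigate_buggy, navigate_fixed, the arena) is an invented model. Nodes live in a fixed arena with an "alive" flag instead of on the real heap, so the stale access is counted rather than being undefined behaviour.

```c
/* Added illustration, not Firefox code: a toy document model showing the
 * "free the DOM, then run the unload handler" ordering bug beside a
 * teardown-aware version that runs the handler first and refuses late
 * mutation. All structures and names here are assumptions for the model. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 16

enum doc_state { DOC_ALIVE, DOC_UNLOADING, DOC_DESTROYED };

typedef struct Node { int id; int alive; struct Node *next; } Node;

typedef struct Document {
    Node arena[ARENA_SIZE];     /* stand-in for the heap */
    int used;
    Node *head;                 /* child list; left dangling by the buggy teardown */
    enum doc_state state;
    void (*onunload)(struct Document *);
    int stale_touches;          /* accesses that went through a freed node */
} Document;

static void doc_init(Document *d, void (*handler)(Document *)) {
    memset(d, 0, sizeof *d);
    d->onunload = handler;
}

/* Simulated malloc: hand out the next arena slot. */
static Node *node_alloc(Document *d, int id) {
    if (d->used >= ARENA_SIZE) return NULL;
    Node *n = &d->arena[d->used++];
    n->id = id; n->alive = 1; n->next = NULL;
    return n;
}

/* Simulated free of the whole child list. Deliberately does NOT clear
 * d->head, mirroring a teardown that leaves a dangling pointer behind. */
static void nodes_free(Document *d) {
    for (Node *n = d->head; n; n = n->next) n->alive = 0;
}

/* Append a child. Every node crossed that is already freed would be a
 * use-after-free on real memory; here it is counted in stale_touches. */
static int doc_append_child(Document *d, int id) {
    if (d->state != DOC_ALIVE) return -1;     /* teardown-aware refusal */
    Node *n = node_alloc(d, id);
    if (!n) return -1;
    if (!d->head) { d->head = n; return 0; }
    Node *cur = d->head;
    if (!cur->alive) d->stale_touches++;
    while (cur->next) {
        cur = cur->next;
        if (!cur->alive) d->stale_touches++;
    }
    cur->next = n;                            /* write through a possibly-freed node */
    return 0;
}

/* The handler the report describes: it modifies the document on unload. */
static void handler_mutate(Document *d) { doc_append_child(d, 99); }

/* Buggy ordering: free the tree, then fire onunload while state still
 * says the document is alive, so the handler walks freed nodes. */
static int navigate_buggy(Document *d) {
    nodes_free(d);
    if (d->onunload) d->onunload(d);
    d->state = DOC_DESTROYED;
    return d->stale_touches;
}

/* Fixed ordering: fire onunload while the tree is live, flip state so any
 * later mutation is refused, and only then free and clear the list. */
static int navigate_fixed(Document *d) {
    if (d->onunload) d->onunload(d);
    d->state = DOC_UNLOADING;
    nodes_free(d);
    d->head = NULL;
    d->state = DOC_DESTROYED;
    return d->stale_touches;
}

/* Build a three-node document (constructed sample) and navigate away. */
static int demo_stale_touches(int buggy) {
    Document d;
    doc_init(&d, handler_mutate);
    for (int i = 1; i <= 3; i++) doc_append_child(&d, i);
    return buggy ? navigate_buggy(&d) : navigate_fixed(&d);
}

/* After the fixed teardown a late mutation (e.g. a timer) must be refused. */
static int late_mutation_refused(void) {
    Document d;
    doc_init(&d, handler_mutate);
    doc_append_child(&d, 1);
    navigate_fixed(&d);
    return doc_append_child(&d, 7) == -1;
}

int main(void) {
    printf("buggy ordering: %d stale touches\n", demo_stale_touches(1));
    printf("fixed ordering: %d stale touches\n", demo_stale_touches(0));
    printf("late mutation refused after fixed teardown: %d\n", late_mutation_refused());
    return 0;
}
```

The point of the model is the ordering: whatever a document engine does about memory, unload handlers must run before the tree they can reach is released, and once teardown begins the document should reject further structural changes rather than trust whatever pointers are still lying around.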
The link for this article located at eweek is no longer available.