Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service.
Mozilla 3.0.3 – 1.9.0 Branch (Specifically for Latest Version)
Disclosed: 28 September 2008
Release Date. 28 September ,2008
The mozilla firefox is vulnerable to user interface event dispatcher null pointer dereference denial of service attacks. The dispatched event created dynamically leads to firefox crash when it is called directly or in a defined loop with number of generated user interface events.The resultant crash results in
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000007
Crashed Thread: 0
Thread 0 Crashed: 0 libxpcom_core.dylib nsTArray_base::Length() const + 11
nsTArray&) + 261 (nsContentUtils.cpp:4083)
This security issue is a result of unhandled exception which is a result of null pointer dereference.
Link from my friend Vinsento