OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Full-disclosure] Firefox 3.0.5 remote vulnerability via queryCommandState

From: carl hardwick (hardwick.carlgmail.com)
Date: Wed Jan 07 2009 - 09:53:59 CST


An unpatched security flaw has been discovered in the latest version
of Firefox 3.0.5 which allows a remote attacker to crash the browser
with a special crafted HTML page using a queryCommandState:

PoC: http://groups.google.it/group/carl-hardwick/web/Firefox305RemoteDoS.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/