Mozilla Foundation Security Advisory 2005-50
Exploitable crash in InstallVersion.compareTo
- July 12, 2005
- Firefox, Mozilla Suite
- Fixed in
- Firefox 1.0.5
- Mozilla Suite 1.7.10
When InstallVersion.compareTo() is passed an object rather than a string it assumed the object was another InstallVersion without verifying it. When passed a different kind of object the browser would generally crash with an access violation.
Update:(2005-12-14) Aviv Raff has posted a proof of concept exploit of this flaw that demonstrates execution of attacker-supplied code on windows.