I highly doubt you reported this to Mozilla in "September of 2009". I don't think time machines like that exist yet, but i'd be pleased to be wrong.
Berend-Jan Wever wrote: > ...sigh.... > > This is https://bugzilla.mozilla.org/show_bug.cgi?id=456727, which I > reported to Mozilla in September of 2009. It is a NULL ptr DoS, there > is no "exploit" in the sense of executing arbitrary code, just a > "repro" that can trigger a crash. The repro provided by Carl is the > exact same repro I provided to Mozilla. > > Incidentally, Carl has report this exact same bug > before: http://seclists.org/fulldisclosure/2009/Jan/0219.html. This is > how the repro got on milw0rm in the first place > (http://milw0rm.com/exploits/8091). Aditya K Sood later submitted the > repro (slightly modified) to milw0rm as his code as well > (http://milw0rm.com/exploits/8219). > > Some say plagiarism is the sincerest form of flattery, so I guess I'll > start obfuscating my repros into ASCII art that says "SkyLined" to > prevent any more people from flattering me. > > Cheers, > Sky > > > Berend-Jan Wever <berendjanwe...@gmail.com > <mailto:berendjanwe...@gmail.com>> > http://skypher.com/SkyLined > > > > > On Sat, Apr 4, 2009 at 2:39 PM, carl hardwick <hardwick.c...@gmail.com > <mailto:hardwick.c...@gmail.com>> wrote: > > I found an unpatched vulnerability in the latest Firefox 3.0.8 allows > a remote attacker to cause a DoS. > A 0-day exploit is available here: > > http://carl-hardwick.googlegroups.com/web/Firefox+3.0.8+DoS.htm?gda=i_oPfkcAAACkS-ZCh60y1HGkG90OfxntdaCvR5MIFXIiKOQt5O80jPqLKEFpBrbag3mOAa49_d8xnmtLTzx06f-L8nRUL3egeV4duv6pDMGhhhZdjQlNAw&gsc=HORKjwsAAAA1umYfXMbeoe6wr8IrMRRv > > <http://carl-hardwick.googlegroups.com/web/Firefox+3.0.8+DoS.htm?gda=i_oPfkcAAACkS-ZCh60y1HGkG90OfxntdaCvR5MIFXIiKOQt5O80jPqLKEFpBrbag3mOAa49_d8xnmtLTzx06f-L8nRUL3egeV4duv6pDMGhhhZdjQlNAw&gsc=HORKjwsAAAA1umYfXMbeoe6wr8IrMRRv> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > ------------------------------------------------------------------------ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
