Re: [Full-disclosure] Firefox 3.0.5 remote vulnerability via queryCommandState

2009-01-07 Thread Berend-Jan Wever
Sorry, something went wrong while copy+pasting the repro URL: http://skypher.com/SkyLined/Repro/FireFox/FireFox%203.0.1%20(Build%202008070208)%20av-read...@xul!jvm_maybeshutdownliveconnect+0xdbe0/repro.html

Re: [Full-disclosure] Firefox 3.0.5 remote vulnerability via queryCommandState

2009-01-07 Thread Berend-Jan Wever
This bug was reported by me to Mozilla in September. It is DoS only. https://bugzilla.mozilla.org/show_bug.cgi?id=456727 https://bugzilla.mozilla.org/skypher.com/SkyLined/Repro/FireFox/FireFox%203.0.1%20(Build%202008070208)%20av-read%5b0...@xul!

[Full-disclosure] Firefox 3.0.5 remote vulnerability via queryCommandState

2009-01-07 Thread carl hardwick
An unpatched security flaw has been discovered in the latest version of Firefox 3.0.5 which allows a remote attacker to crash the browser with a specially crafted HTML page using a queryCommandState: PoC: http://groups.google.it/group/carl-hardwick/web/Firefox305RemoteDoS.htm