XRender trapezoid drawing routines are broken in xorg-server 1.3.0, and cause X.org crashes. They can be used as a vector for Denial-of-Service attacks, as described in the following advisories:

http://www.rapid7.com/advisories/R7-0027.jsp
http://xforce.iss.net/xforce/xfdb/33976

The advisories say that xorg-server 1.3.1, which would presumably have been released Apr 30, 2007, fixed this. No such release has been made to date, and the current git server-1.3-branch tree doesn't include the fix.

This is likely the cause of the following bugs:

Bug 443234 - X Server Crash with Firefox 3 Beta 5
Bug 448586 - Firefox 3 crashes Xorg at picture.c:1600
Bug 453607 - specific webpage in firefox crashes X

All these bugs have backtraces pointing to the trapezoid rendering functions mentioned in the advisory.

The actual fix for this problem seems to be commit 047bf3349bb697c73c95729a8bbf15f72605901f of the xorg/server git tree, which is not yet ported to server-1.3-branch.

http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commit;h=047bf3349bb697c73c95729a8bbf15f72605901f

Possible solutions include:

1. Request upstream to port the fix to server-1.3-branch, then release an updated package; or
2. backport the needed patches to fix this problem in current Fedora 8, RHEL 5.2.
Looks interesting
*** Bug 443234 has been marked as a duplicate of this bug. ***
*** Bug 453607 has been marked as a duplicate of this bug. ***
xorg-x11-server-1.3.0.0-47.fc8 has been submitted as an update for Fedora 8
(In reply to comment #4)
> xorg-x11-server-1.3.0.0-47.fc8 has been submitted as an update for Fedora 8

Tested, it successfully fixed the Xorg crashes. Thanks!
Thanks for letting us know.
xorg-x11-server-1.3.0.0-47.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.