A memory corruption flaw was discovered in how Mozilla Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. A proof-of-concept was made public earlier today: http://milw0rm.com/exploits/8285
Created attachment 336748 [details] PoC posted on milw0rm
Created attachment 336749 [details] crashtest posted on bugzilla.mozilla.org
The upstream bug is this: https://bugzilla.mozilla.org/show_bug.cgi?id=485217
Mitre CVE description: CVE-2009-1169: The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox 3.0.7 and earlier allows remote attackers to cause a denial of service (crash) via an XML file with a crafted XSLT transform.
This is now public: http://www.mozilla.org/security/announce/2009/mfsa2009-12.html
This issue has been addressed in following products:
  Red Hat Enterprise Linux 2.1
  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
Via RHSA-2009:0398 https://rhn.redhat.com/errata/RHSA-2009-0398.html
This issue has been addressed in following products:
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
Via RHSA-2009:0397 https://rhn.redhat.com/errata/RHSA-2009-0397.html
seamonkey-1.1.15-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
seamonkey-1.1.15-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.