[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)

To: bugtraq@xxxxxxxxxxxxxxxxx, Thierry@xxxxxxxxx
Subject: Re: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
From: Neil Dickey <neil@xxxxxxxxxxxx>
Date: Mon, 13 Jul 2009 09:55:42 -0500 (CDT)

>Update:
>-------
>Patch was ineffective,  Length2 was fixed and both
>SVGNumber and SVGNumber2, but no SVGLength.
>
>Affected products :
>- All firefox versions below 3.5

If this bug includes version 3.5, there is a workaround:
Set your cache size to zero until an effective patch is
published.

When this bug kicked in on my copy of Ff3.5 I thought
the hard drive had blown a bearing from the noise it
made.  It hadn't ( whew ), and the workaround has
worked fine.

Best regards,

Neil Dickey, Ph.D.
email: neil@xxxxxxxxxxxx
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois, U.S.A.
60115

Follow-Ups:
- Re: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
  - From: Nick Boyce

Prev by Date: DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass
Next by Date: [oCERT-2009-012] libtiff tools integer overflows
Previous by thread: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
Next by thread: Re: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
Index(es):
- Date
- Thread