Re: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)

From: Neil Dickey <neil@geol.niu.edu>
To: bugtraq@securityfocus.com,Thierry@zoller.lu
Cc:
Subject: Re: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
Date:



>Update:
>-------
>Patch was ineffective,  Length2 was fixed and both
>SVGNumber and SVGNumber2, but no SVGLength.
>
>Affected products :
>- All firefox versions below 3.5

If this bug includes version 3.5, there is a workaround:
Set your cache size to zero until an effective patch is
published.

When this bug kicked in on my copy of Ff3.5 I thought
the hard drive had blown a bearing from the noise it
made.  It hadn't ( whew ), and the workaround has
worked fine.

Best regards,

Neil Dickey, Ph.D.
email: neil@geol.niu.edu
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois, U.S.A.
60115





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.