Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27073
HistoryOct 01, 2011 - 12:00 a.m.

Mozilla Foundation Security Advisory 2011-37

2011-10-0100:00:00
vulners.com
17

Mozilla Foundation Security Advisory 2011-37

Title: Integer underflow when using JavaScript RegExp
Impact: Critical
Announced: September 27, 2011
Reporter: Mark Kaplan
Products: Firefox 3.6

Fixed in: Firefox 3.6.23
Description

Mark Kaplan reported a potentially exploitable crash due to integer underflow when using a large JavaScript RegExp expression. We would also like to thank Mark for contributing the fix for this problem.

The Regular Expression engine was replaced in Firefox 4 and the newer engine does not suffer from this bug.

References

Crash in SpiderMonkey v.1.9.2 during regular expression evaluation
CVE-2011-2998

Related for SECURITYVULNS:DOC:27073