N/A

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src="javascript:"' sequence.

N/A

N/A

Mozilla Firefox JSframe Heap Corruption 'src="javascript:"' 拒绝服务漏洞

Mozilla Firefox 2.0.0.14版本允许远程攻击者引起拒绝服务攻击(堆耗竭和应用程序崩溃)或者可能执行任意代码。在某些JSframe写入和JSframe关闭之间的Iframe操作中，通过触发一个错误的条件，比如在加载由'src="javascript:"'序列定义的一个空的Java程序的过程中出现的错误，可以实现对任意代码的执行。

N/A

N/A