franzon Posted October 1, 2008 Share Posted October 1, 2008 (edited) http://www.milw0rm.com/exploits/6614 Severity: HighDescription: The Mozilla Firefox 3.0.3 is vulnerable to user interface event dispatcher null pointer dereference denial of service attacks. The dispatched event created dynamically leads to firefox crash when it is called directly or in a defined loop with number of generated user interface events Proof of Concept: http://www.secniche.org/moz303/poc.html Mozilla 3.0.3 Crashes with unhandled exception in User Interface Dispatcher Events. If an user try to restore a session it still gives a crash. Edited October 1, 2008 by franzon Link to comment Share on other sites More sharing options...
SuperKid Posted October 1, 2008 Share Posted October 1, 2008 So theres going to be firefox 3.0.4 already for this or you reckon they'll do something like 3.0.31 now or something similar? Link to comment Share on other sites More sharing options...
TheRealDave Posted October 1, 2008 Share Posted October 1, 2008 Isn't exactly the end of the world if firefox crashed. It just opens to previous session. How convenient! Link to comment Share on other sites More sharing options...
Skulltrail-old Posted October 1, 2008 Share Posted October 1, 2008 So theres going to be firefox 3.0.4 already for this or you reckon they'll do something like 3.0.31 now or something similar? Knowing Mozilla, they will probably skip the thousandths, and move on to the next hundredth build. (3.0.4) @OP: Thanks for the update. I was curious why the hell Firefox kept crashing every once in a while (when doing complicated browsing) after updating to 3.0.3... Hopefully they will fix this soon. :cry: Link to comment Share on other sites More sharing options...
franzon Posted October 1, 2008 Author Share Posted October 1, 2008 It just opens to previous session. If an user try to restore a session it still gives a crash. Link to comment Share on other sites More sharing options...
magik Posted October 1, 2008 Share Posted October 1, 2008 /OT: FF3 still uses too much RAM IMO. Link to comment Share on other sites More sharing options...
Rappy Veteran Posted October 1, 2008 Veteran Share Posted October 1, 2008 /OT: FF3 still uses too much RAM IMO. Mine stays around 200k for 7 odd hours Link to comment Share on other sites More sharing options...
White Cuban Posted October 1, 2008 Share Posted October 1, 2008 thats not "you" thats milw0rm mate, and i think everyone already saw it, it was posted somewhere. Link to comment Share on other sites More sharing options...
ahhell Posted October 1, 2008 Share Posted October 1, 2008 Mine stays around 200k for 7 odd hours I think you mean 200000k or 200M. That's a pathetically huge amount of ram for a bloody web browser. Link to comment Share on other sites More sharing options...
chrisj1968 Posted October 1, 2008 Share Posted October 1, 2008 /OT: FF3 still uses too much RAM IMO. I noticed that too. I might have to move to chrome or opera. Link to comment Share on other sites More sharing options...
shakey_snake Posted October 1, 2008 Share Posted October 1, 2008 I think you mean 200000k or 200M. That's a pathetically huge amount of ram for a bloody web browser. we don't all want to use lynx. :p Link to comment Share on other sites More sharing options...
+Gary7 Subscriber² Posted October 1, 2008 Subscriber² Share Posted October 1, 2008 https://wiki.mozilla.org/Releases/Firefox_3.0.4 TG Daily - Mozilla posts Firefox 3.0.3 update (with a new bug) Link to comment Share on other sites More sharing options...
Ci7 Posted October 1, 2008 Share Posted October 1, 2008 it is not the end of the world "why so serious" you take it guys :p Link to comment Share on other sites More sharing options...
+Gary7 Subscriber² Posted October 1, 2008 Subscriber² Share Posted October 1, 2008 it is not the end of the world "why so serious" you take it guys :p Who is taking it serious, it is only a Browser. :) I don't have a memory problem with it. Mine is @36K right now. Link to comment Share on other sites More sharing options...
Kirkburn Posted October 1, 2008 Share Posted October 1, 2008 I think you mean 200000k or 200M. That's a pathetically huge amount of ram for a bloody web browser. It really isn't. Yes, HTML/CSS/JS code is simple - that doesn't mean it costs the same amount to render. Link to comment Share on other sites More sharing options...
ViperAFK Posted October 1, 2008 Share Posted October 1, 2008 Firefox 3 doesn't use much ram at all. Lifehacker recently benchmarked all the browsers and firefox 3 won in memory usage. http://lifehacker.com/5055406/browser-spee...to+date-results even with upwards of 20-30 tabs open it hardly goes above 120 for me. You have an extension or plugin problem if it is using 200k. Try browsing in safe mode and see if it still does it. Firefox 3 does not use much memory. Chrome uses a lot more than firefox (I am using chrome as I type this post.) Link to comment Share on other sites More sharing options...
Kirkburn Posted October 2, 2008 Share Posted October 2, 2008 As a comparison, I do all my work via Firefox, which entails having the browser open almost 24/7, with multiple windows and many tabs open on complex pages (with multiple non-trivial extensions). It's running at 350MB as a write this, on a Vista PC with 3.5 GB of RAM. That really ain't much, in all honesty - and it certainly doesn't impact performance. Link to comment Share on other sites More sharing options...
Pc_Madness Posted October 3, 2008 Share Posted October 3, 2008 Knowing Mozilla, they will probably skip the thousandths, and move on to the next hundredth build. (3.0.4) Major.Minor.BugFix as is my understanding. All start at 0, not hundreds. Link to comment Share on other sites More sharing options...
splicer707 Posted October 3, 2008 Share Posted October 3, 2008 Damn it. Why can't Firefox just issue a small patch to fix a .dll or whatever instead of releasing new version for every fix. :ermm: Hope Mozilla fixes this soon. Link to comment Share on other sites More sharing options...
primexx Posted October 3, 2008 Share Posted October 3, 2008 the poc didn't do ****... Link to comment Share on other sites More sharing options...
Kirkburn Posted October 5, 2008 Share Posted October 5, 2008 Damn it. Why can't Firefox just issue a small patch to fix a .dll or whatever instead of releasing new version for every fix. :ermm:Hope Mozilla fixes this soon. For general consumers, that would be a terrible idea. Not only is it confusing and prone to breaking things, you also get self-professed experts telling Joe Public to do it as well. Link to comment Share on other sites More sharing options...
shakey_snake Posted October 5, 2008 Share Posted October 5, 2008 I think splicer707 was being sarcastic, since, you might know, Firefox's update feature does pretty much exactly what he has described. Link to comment Share on other sites More sharing options...
SMELTN Posted October 6, 2008 Share Posted October 6, 2008 was wondering why my firefox kept crashing.. I actually uninstalled all my addon's because I thought one of them was causing it. :) Link to comment Share on other sites More sharing options...
Recommended Posts