openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #03372
[Bug 552287] Re: IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher
Re: https://bugzilla.mozilla.org/show_bug.cgi?id=555342#c24
the fix is in IcedTea and uploaded to lucid.
(3) afaik FC12 does use the IcedTeaPlugin.cc, not the
IcedTeaNPPlugin.cc. The former is not affected.
No release enables the IcedTeaNPPlugin.cc by default.
** Bug watch added: Mozilla Bugzilla #555342
https://bugzilla.mozilla.org/show_bug.cgi?id=555342
--
IcedTea6 1.8pre (6b18~pre3-0ubuntu1) buffer overflow, possible crasher
https://bugs.launchpad.net/bugs/552287
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.
Status in “openjdk-6” package in Ubuntu: Fix Released
Bug description:
See Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=555342.
(Apologies for this report, I'm not the person who discovered this bug and am relaying the discoverer's information.)
1) Ubuntu 10.04 b1
2) IcedTea6 1.8pre (6b18~pre3-0ubuntu1)
3) No buffer overflow
4) Buffer overflow
See the steps to reproduce in the Mozilla bug; the buffer overflow is more dramatic in Firefox nightlies with out-of-process plugins because it always results in a crash in the plugin subprocesses. It will only sometimes result in a crash of the Firefox process.
It's easier to just paste a fix for this bug than describe it more. The diff is against http://icedtea.classpath.org/hg/icedtea6 revision 911fc7449289.
Marking security vulnerability for safety; I think this would be hard to exploit.