The newest version of K-Meleon browser is affected to disclosed on Bugtraq recently. When using test link http://lcamtuf.coredump.cx/ffoxdie3.html browser crashed after a delay of some seconds. No user interaction was needed.
Affected versions: Vulnerability has been confirmed in K-Meleon 1.0.1 in Windows 2000 SP4 fully patched.
Solution status: No updated versions available from the vendor at the time of reporting.
Vendor status: K-Meleon developers was contacted on 18th August 2006.
Credit: This vulnerability was reported earlier in Firefox 184.108.40.206 by Michal Zalewski. Juha-Matti Laurio confirmed this vulnerability in K-Meleon.
Timeline: 18-Aug-2006 - Vulnerability confirmed in K-Meleon 18-Aug-2006 - Vendor was contacted 18-Aug-2006 - Security companies and several CERT units contacted
Best regards, Juha-Matti Laurio Networksecurity.fi http://www.networksecurity.fi/