K-Meleon Concurrency-related Vulnerability

Type securityvulns
Reporter Securityvulns
Modified 2006-08-21T00:00:00


The newest version of the K-Meleon browser is affected by the concurrency-related vulnerability disclosed on Bugtraq recently. When the test link http://lcamtuf.coredump.cx/ffoxdie3.html was opened, the browser crashed after a delay of some seconds. No user interaction was needed.

Affected versions: The vulnerability has been confirmed in K-Meleon 1.0.1 on a fully patched Windows 2000 SP4.

Solution status: No updated versions available from the vendor at the time of reporting.

Vendor status: K-Meleon developers were contacted on 18th August 2006.

Credit: This vulnerability was reported earlier in Firefox by Michal Zalewski. Juha-Matti Laurio confirmed this vulnerability in K-Meleon.

Timeline:
18-Aug-2006 - Vulnerability confirmed in K-Meleon
18-Aug-2006 - Vendor was contacted
18-Aug-2006 - Security companies and several CERT units contacted

Best regards,
Juha-Matti Laurio
Networksecurity.fi
http://www.networksecurity.fi/