Three weeks ago, I coded a nice little browser fuzzer, and started playing with various browsers: IE, Firefox, Safari, Chrome, Opera...
I found an interesting Safari crash after couple of hours of fuzzing. It was a stack overflow (and a smile on my face). Since then, every now and then I took some time to play with it.
Today, I noticed that Apple updated Safari 4.0.2 to 4.0.3. Among some other vulnerabilities, this vulnerability has also been fixed. The Apple announcement is available at http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html.
Depends on the perspective, but from my own - Very Bad Luck. C'est la vie, things like this happen... Some bugs die young.
<script> var Overflow = "31337" + 0.313373133731337313373133731337...; </script>
Or something like this...
Play little bit with numbers to get a desirable return address, little bit of heap spraying, and it works.
Regards, Leon Juranic