Theory ... (a work in progress)
A browser unpatched for Bug 485217, so SeaMonkey 1.1.15 or FF 3.0.7 or FF 3.2.x
NoScript 1.9.1.5
An XSLT testcase that generates a crash
Install NoScript
Try to force a crash
NoScript blocks the crash
-> Temporarily Allow the domain of the exploit (file:// if local)
RESULT: Browser crashes
Code:
Add-ons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.1,{20a82645-c095-46ed-80e3-08825760534b}:1.0,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.5,scrollimg@hashao.studio:0.9.3,{47d1d620-5e5b-11da-8cd6-0800200c9a66}:2.0,{D46E8522-6E86-44b1-A622-58C0668AD78E}:3.0.9,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4pre,silvermel@pardal.de:1.0.3
BuildID: 2008102706
CrashTime: 1238199194
InstallTime: 1227984726
ProductName: Firefox
SecondsSinceLastCrash: 488
StartupTime: 1238198744
Theme: silvermel
URL: file:///C:/TMP/ffcrash/xmlcrash.html
UserID: 34ae89b9-67ab-4919-bb5b-1db4e349ede0
Vendor: Mozilla
Version: 3.0.4pre
Code:
Add-ons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.7.9,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.2a1pre
BuildID: 20090206084003
CrashTime: 1238200187
InstallTime: 1237662240
ProductName: Firefox
SecondsSinceLastCrash: 265
StartupTime: 1238199985
Theme: classic/1.0
Throttleable: 1
URL: file:///C:/TMP/ffcrash/xmlcrash.html
Vendor: Mozilla
Version: 3.2a1pre
It talks about a crash in ModName: transformiix.dll
So it looks to be affecting at least Gecko 1.8.1 & 1.9.0 & 1.9.2