Seems like the test cases trigger two different bugs. One is race that prevents resources from being deallocated effectively and second is infinite recursion. https://bugzilla.mozilla.org/show_bug.cgi?id=348514 (closed) https://bugzilla.mozilla.org/show_bug.cgi?id=323394 (open) But I am not really sure. On Ut, 2006-10-17 at 09:09 +0000, Mike@xxxxxxxxx wrote: > http://lcamtuf.coredump.cx/ffoxdie.html > this exploit still works with the latest Firefox 2.0 RC3 -- Lubomir Kundrak (Red Hat Security Response Team)
