Hi all, I am way behind on this, so I wanted to drop a quick note regarding some of my vulnerabilities recently addressed by browser vendors - and provide some possibly interesting PoCs / fuzzers to go with them: Summary : MSIE same-origin bypass race condition (CVE-2007-3091) Impact : security bypass, possibly more Reported : June 2007 (publicly) PoC URL : http://lcamtuf.coredump.cx/ierace/ Bulletin : http://www.microsoft.com/technet/security/bulletin/MS09-019.mspx Notes : additional credit to David Bloom for developing an improved proof-of-concept exploit Summary : MSIE memory corruption on page transitions Impact : memory corruption, potential code execution Reported : April 2008 (privately) PoC URL : http://lcamtuf.coredump.cx/stest/ (fuzzers) Bulletin : http://www.microsoft.com/technet/security/Bulletin/MS09-014.mspx Notes : - Summary : multiple browsers <CANVAS> implementation crashes (CVE-2008-2321, ???) Impact : memory corruption, potential code execution Reported : February 2008 (privately) PoC URL : http://lcamtuf.coredump.cx/canvas/ (fuzzer) Bulletin : http://lists.apple.com/archives/security-announce/2009/Jun/msg00002.html Bulletin : http://www.opera.com/support/kb/view/882/ Notes : also some DoS issues in Firefox Summary : Safari page transition tailgating (CVE-2009-1684) Impact : page spoofing, navigation target disclosure Reported : February 2008 (privately) PoC URL : http://lcamtuf.coredump.cx/sftrap2/ Bulletin : http://lists.apple.com/archives/security-announce/2009/Jun/msg00002.html Notes : - Cheers, /mz