Title: Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
Memory exhaustion of Firefox 3.6.3 (latest) <= makes firefox can't make texts into body element and then it crashed.
( raise exception using PoC #1, lower memory area read access violation using PoC #2 )
Ofcourse an variation PoC made NULL Pointer deref so may also could be code execution ( 0.1 % ). :-)
Vendor Status: unpatched. ( to now... doesn't exists any reliable exploit so i disclosed to bugtraq firstly )
0x02. Proof of Concepts:
[PoC #1 - firefox_3.6.3_dos_poc_1.htm] --
[PoC #2 - firefox_3.6.3_dos_poc_2.htm] --
Thank you bugtraq securityfocus.