On 16 Dec 08, at 11:49, carl hardwick wrote: > New unpatched security flaw found in Firefox 3.0.4 > PoC here: https://bugzilla.mozilla.org/attachment.cgi?id=302699 Relevant bug is https://bugzilla.mozilla.org/show_bug.cgi?id=416907 This doesn't appear to be security-critical - it's a NULL dereference.