Showing posts with label exploit. Show all posts

Monday, 9 November 2009

Non-exploitable vulnerabilities at source code level

I am writing a small article describing a kind of vulnerability that can be used against the Linux kernel.
It arises because gcc's optimization passes can, in some cases, turn correct-looking source code into buggy machine code.
Furthermore, in this case, if SELinux is enabled, the system becomes weaker.

The vulnerability is described here (by Brad Spengler) and it can be exploited in Linux kernel 2.6.30+/RHEL5 2.6.18 through /dev/net/tun.
The implementation, before the fix, was:

struct sock *sk = tun->sk; /* sk is read from tun before tun is checked */

if (!tun)
        return POLLERR; /* if tun is NULL return an error */

Because tun is dereferenced first (to read tun->sk), the compiler assumes tun is non-NULL and removes the later NULL check as dead code.
Once the initial crash caused by the bad initialization is avoided (by mapping the zero page with mmap, which the SELinux policy allows), the kernel can be exploited because no check against tun remains.
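The same pattern in a stand-alone user-space C program, as an added example that is neither the kernel's code nor code from the original post: poll_vulnerable() keeps the order described above (read tun->sk, then test tun), which is what lets gcc at -O2, where -fdelete-null-pointer-checks is enabled, discard the test; poll_fixed() tests first and dereferences afterwards, which is the shape the kernel fix restored. The struct definitions, the POLLERR value and the helper poll_with_queued() are constructed for this example. Compile with gcc -O2 -S and compare the two functions to see the check disappear from the first; the kernel project later also built with -fno-delete-null-pointer-checks so that this class of source-level check survives compilation.

```c
#include <stddef.h>
#include <stdio.h>

/* Same value as POLLERR in <poll.h>, repeated so the file is self-contained. */
#define POLLERR 0x0008

/* Constructed stand-ins for the kernel's tun_struct and its socket. */
struct sock {
    int queued;            /* 1 if a packet is waiting to be read */
};

struct tun_struct {
    struct sock *sk;
};

/*
 * Vulnerable shape: the field read precedes the NULL test. Having seen
 * tun->sk, gcc may treat tun as provably non-NULL and drop the test.
 * This example never calls it with NULL: in user space that would just
 * segfault, while in the kernel a page mapped at address 0 turns the
 * missing check into controlled behaviour.
 */
unsigned int poll_vulnerable(struct tun_struct *tun)
{
    struct sock *sk = tun->sk;    /* dereference before the check */
    unsigned int mask = 0;

    if (!tun)                     /* candidate for deletion under -O2 */
        return POLLERR;

    if (sk->queued)
        mask |= 1;
    return mask;
}

/* Fixed shape: check first, dereference only after the check has passed. */
unsigned int poll_fixed(struct tun_struct *tun)
{
    struct sock *sk;
    unsigned int mask = 0;

    if (!tun)                     /* nothing above lets gcc assume tun != NULL */
        return POLLERR;

    sk = tun->sk;
    if (sk->queued)
        mask |= 1;
    return mask;
}

/* Helper: run one of the poll functions against a constructed device. */
unsigned int poll_with_queued(unsigned int (*poll_fn)(struct tun_struct *),
                              int queued)
{
    struct sock s;
    struct tun_struct dev;

    s.queued = queued;
    dev.sk = &s;
    return poll_fn(&dev);
}

int main(void)
{
    printf("poll_fixed(NULL)        = 0x%x (POLLERR is 0x%x)\n",
           poll_fixed(NULL), POLLERR);
    printf("poll_fixed(queued dev)  = %u\n", poll_with_queued(poll_fixed, 1));
    printf("poll_vulnerable(dev)    = %u\n", poll_with_queued(poll_vulnerable, 0));
    return 0;
}
```

Only the fixed variant is exercised with a NULL pointer; the vulnerable one is kept only so its generated code can be inspected next to the fixed one.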

I can point you all to this blog, which describes a lot of vulnerabilities (including silently fixed ones).
Milw0rm is another source of exploit notices.

Tuesday, 21 July 2009

Firefox 3.5.1 still exposing bugs

Firefox 3.5.1 represents a step towards a faster browser.
Several benchmarks show Safari 4, Opera 10 and Chrome as the fastest browsers on the market - I heard "WebKit rules" - and they only seem to lack in the plug-in department.
I'm not taking IE X.x into account because... I think it still exists only because it is bundled with the most common OS in the world. And there's no reason to use it.

Anyway... After the first exploit (more here), soon patched by the Mozilla team, we got a bug in the JavaScript engine that 3.5.1 does not handle correctly.
The issue is well described here, and this time it is not useful for executing code (at the moment), but "only" for a DoS.
Possible workarounds? Disable JavaScript, use the NoScript plug-in, or switch to the older JavaScript engine from about:config by disabling javascript.options.jit.content. With the 3rd option, Firefox's overall performance will drop.