Bugtraq mailing list archives
Re: Fire fox dos exploit
From: Ronald van den Blink <ronald () securityview org>
Date: Thu, 1 Jun 2006 21:47:59 +0200
Oke, we've tested this one (see http://www.securityview.org/firefox- marquee-bug.html) because at first we weren't able to let FF crash. The results are on the site, but the bug is well known and it is not more then an annoying thing....
All the credits goes to n00b for making the PoC, but it is a well known bug, time for the FF-devvers to fix this one....
With regards Ronald van den Blink SecurityView.org On 31 May, 2006, at 22:39, Co296 () aol com wrote: Just to keep you informed i have had the following email from www.imperfectnetworks.com Just so you know what version's are afected thnx .. email: I was able to use this proof of concept code with the following results: With Firefox 1.0.8 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060418 Fedora/1.0.8-1.1.fc4 Firefox/1.0.8) I was able to cause a resource exhaustion with firefox increasing cpu cycles and memory allocation well beyond normal utilization but without crashing. With Firefox 1.5.0.3 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3)Firefox causes resource exhaustion to the point of crashing the application.
Current thread:
- Re: Fire fox dos exploit pagvac (Jun 04)
- <Possible follow-ups>
- RE: Fire fox dos exploit Andy (Jun 04)
- RE: Fire fox dos exploit Sanjay Rawat (Jun 05)
- RE: Fire fox dos exploit Jaroslaw Sajko (Jun 07)
- RE: Fire fox dos exploit Sanjay Rawat (Jun 05)
- Re: Fire fox dos exploit Ronald van den Blink (Jun 04)
- Re: Fire fox dos exploit Yannick von Arx (Jun 04)
- Re: Re: Fire fox dos exploit vincenzo . ampolo (Jun 04)
- Re: Fire fox dos exploit Phil Trainor (Jun 04)
- Re: Fire fox dos exploit Ronald van den Blink (Jun 04)
- Re: Fire fox dos exploit Aaron Hopkins (Jun 04)
- Re: Re: Fire fox dos exploit al4321 (Jun 07)