Bugtraq mailing list archives
Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
From: "Vladimir '3APA3A' Dubrovin" <3APA3A () SECURITY NNOV RU>
Date: Wed, 27 May 2009 22:59:18 +0400
Dear Jim Parkhurst, It may depend on video card and video drivers and/or amount of memory/video memory. 9 years ago there was vulnerability in Internet explorer with displaying scaled image: http://securityvulns.com/advisories/ie5freeze.asp results were also different on different hardware. In some cases even mouse cursor was frozen and reboot was only option. --Wednesday, May 27, 2009, 7:56:56 PM, you wrote to cert () cert org: JP> If I understand the process, saving the text at [IV. Proof of JP> concept] (following the "~~~..." to an .XHTML file, and launch the JP> file using Firefox, I should lose functionality ("Browser doesn't JP> respond any longer to any user input, all tabs are no longer JP> accessible, your work if any (hail to the web 2.0) might be lost.") JP> Using FF2.0.0.20 and the file does not result in loss of use. JP> All tabs are functional. All JAVA links continue function. Same JP> result for naming the POC file to .HTML, .HTM.
Thierry Zoller <Thierry () Zoller lu> 05/26/2009 13:13 >>>
JP> For those that failed to reproduce, try naming the POC file with an XHTML JP> extension. -- Skype: Vladimir.Dubrovin ~/ZARAZA http://securityvulns.com/ Машина оказалась способной к единственному действию, а именно умножению 2x2, да и то при этом ошибаясь. (Лем)
Current thread:
- Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Thierry Zoller (May 27)
- Re: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Jim Parkhurst (May 27)
- Re[2]: [Full-disclosure] Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Thierry Zoller (May 27)
- Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Vladimir '3APA3A' Dubrovin (May 27)
- Re: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Jim Parkhurst (May 27)