[Full-disclosure] Mozilla Multiple Product JavaScript Issue
From: Kurczaba Associates Advisories (advisories_at_kurczaba.com)
Date: 06/28/05
- Previous message: Charles Heselton: "RE: [Full-disclosure] Solaris 9/10 ld.so fun"
- Next in thread: evilninja: "Re: [Full-disclosure] Mozilla Multiple Product JavaScript Issue"
- Reply: evilninja: "Re: [Full-disclosure] Mozilla Multiple Product JavaScript Issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Jun 2005 16:21:26 -0400 To: full-disclosure@lists.grok.org.uk
Mozilla Multiple Product JavaScript Issue
http://www.kurczaba.com/html/security/0506241.htm
-------------------------------------------------
Vendor:
Mozilla (http://www.mozilla.org)
Vulnerable Software:
Mozilla 1.7.8
Firefox 1.0.4
Camino 0.8.4
Vulnerability/Exploit:
By using a specially crafted JavaScript function, it is possible to
crash the above named browsers. The script can be executed both with and
without user intervention.
Proof of Concept:
Manual: http://www.kurczaba.com/html/security/0506241_poc.htm
Automatic: http://www.kurczaba.com/html/security/0506241_poc2.htm
Workaround:
Disable JavaScript
Date Discovered:
June 14, 2005
Severity:
Low
Credit:
Paul Kurczaba
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Charles Heselton: "RE: [Full-disclosure] Solaris 9/10 ld.so fun"
- Next in thread: evilninja: "Re: [Full-disclosure] Mozilla Multiple Product JavaScript Issue"
- Reply: evilninja: "Re: [Full-disclosure] Mozilla Multiple Product JavaScript Issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
