[Advisory] Mozilla Products Remote Crash Vulnerability
From: Niek van der Maas (niekvdmaas_at_gmail.com)
Date: Mon, 6 Dec 2004 15:24:58 +0100 To: firstname.lastname@example.org, email@example.com
I'm posting it here, the Mozilla guys didn't want to answer or even
confirm this bug. No idea whether this one is exploitable or not, I'll
leave that over to the readers of these lists.
Niek van der Maas
Mozilla Products Remote Crash Vulnerability
Vendor : The Mozilla Organisation
Product(s) : Navigator, Firefox, other Gecko based products
Version(s) : All released versions
Platform(s) : All platforms (confirmed on Windows, Linux and SunOS)
Discovered by : Niek van der Maas, MaasOnline (http://maas-online.nl/)
Advisory URL : http://maas-online.nl/security/advisory-mozilla-crash.txt
While working on one of my projects I discovered a vulnerability in Firefox,
allowing a attacker to crash the browser. Further investigation learned that
this vulnerability also applies on other Mozilla products, like Navigator.
All platforms and versions are affected.
'onload' tag or after clicking a link (i.e., 'onclick').
PROOF OF CONCEPT
The vulnerability can be exploited with the following 2 lines of code:
<iframe id="pocframe" name="pocframe" src="about:blank"></iframe>
A sample page containing these 2 lines is available at
PATCH / WORKAROUND
execution at all.
The bug (#272381) was opened 2004-11-30 in Bugzilla.
Until now (2004-12-06), no response or confirmation is received. Contacting
the Mozilla Security Team on IRC didn't help either, it seems that they're
simply not interested.