Re: Fire fox dos exploit




Oke, we've tested this one (see http://www.securityview.org/firefox- marquee-bug.html) because at first we weren't able to let FF crash. The results are on the site, but the bug is well known and it is not more then an annoying thing....

All the credits goes to n00b for making the PoC, but it is a well known bug, time for the FF-devvers to fix this one....


With regards


Ronald van den Blink
SecurityView.org
On 31 May, 2006, at 22:39, Co296@xxxxxxx wrote:
Just to keep you informed i have had the following email from

www.imperfectnetworks.com

Just so you know what version's are afected thnx ..


email:

I was able to use this proof of concept code with the following results:

With Firefox 1.0.8 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13)
Gecko/20060418 Fedora/1.0.8-1.1.fc4 Firefox/1.0.8)
I was able to cause a resource exhaustion with firefox increasing cpu
cycles and memory allocation well beyond normal utilization but without
crashing.

With Firefox 1.5.0.3 (Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3)
Firefox causes resource exhaustion to the point of crashing the application.



Relevant Pages