Bugtraq mailing list archives
[BuHa-Security] DoS Vulnerability in Firefox <= 1.0.7
From: bugtraq () morph3us org
Date: 20 Feb 2006 18:34:43 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 --------------------------------------------------- | BuHa Security-Advisory #8 | Feb 15th, 2006 | --------------------------------------------------- | Vendor | Mozilla Firefox | | URL | http://www.mozilla.com/firefox/ | | Version | <= 1.0.7 | | Risk | Low (DoS - Null Pointer Dereference) | --------------------------------------------------- This issue was originally (?) discovered by Yuan Qi who posted it on Bugzilla [1] on 11th November 2004 [2]. I rediscovered this vulnerability on 1st October 2005 and reported it several weeks later to the Mozilla Software Foundation [3] because I did not find any advisory or bugzilla post about this problem.. I decided to release an advisory about this DoS vulnerability, even though it's an old issue. o Description: ============= The award-winning Web browser is better than ever. Browse the Web with confidence - Firefox protects you from viruses, spyware and pop-ups. Enjoy improvements to performance, ease of use and privacy. Visit http://www.mozilla.com/firefox/ for detailed information. o Denial of Service: =================== Following HTML code forces Firefox to crash:
<frameset></frameset> <table><p><form><map><dl><table><small>
Online-demo: http://morph3us.org/security/pen-te...8143204906.html The access violation results in a null pointer dereference and is not exploitable. o Vulnerable versions: ===================== The DoS vulnerability was successfully tested on:
Firefox 1.0.7 - GNU/Linux (Gentoo, Slackware, Debian) Firefox 1.0.7 - Solaris Firefox 1.0.7 - Windoze 2k / XP SP2 Firefox 1.0.6 - XP SP2 Firefox 1.0.4 - GNU/Linux (Gentoo, Slackware, Debian) Firefox 1.0.4 - XP SP2 Firefox 1.0.1 - XP SP2 Firefox 1.0.0 - XP SP2
o Disclosure Timeline: ===================== 01 Oct 05 - DoS vulnerability discovered. 15 Dec 05 - Vendor contacted. 17 Dec 05 - Vendor confirmed vulnerability. 15 Feb 06 - Public release. o Solution: ========== Upgrade to Firefox 1.5.0.1. o Credits: ========= Thomas Waldegger <bugtraq () morph3us org> BuHa-Security Community - http://buha.info/board/ If you have questions, suggestions or criticism about the advisory feel free to send me a mail. The address 'bugtraq () morph3us org' is more a spam address than a regular mail address therefore it's possible that I ignore some mails. Please use the contact details at http://morph3us.org/ to contact me. Greets fly out to cyrus-tc, destructor, nait, trappy and all members of BuHa. Advisory online: http://morph3us.org/advisories/20060215-firefox-107.txt [1] https://bugzilla.mozilla.org/ [2] https://bugzilla.mozilla.org/show_bug.cgi?id=269095 [3] https://bugzilla.mozilla.org/show_bug.cgi?id=320463 -----BEGIN PGP SIGNATURE----- Version: n/a Comment: http://morph3us.org/ iD8DBQFD8tg/kCo6/ctnOpYRAz27AJsE1EcyIycMA5XdDnHMJDdhPPk0uQCeK7DX H+dtwjsf4nkXuHrPR1wFZZM= =IUWt -----END PGP SIGNATURE-----
Current thread:
- [BuHa-Security] DoS Vulnerability in Firefox <= 1.0.7 bugtraq (Feb 21)