Full Disclosure mailing list archives
[Advisory] Mozilla Products Remote Crash Vulnerability
From: Niek van der Maas <niekvdmaas () gmail com>
Date: Mon, 6 Dec 2004 15:24:58 +0100
Hi, I'm posting it here, the Mozilla guys didn't want to answer or even confirm this bug. No idea whether this one is exploitable or not, I'll leave that over to the readers of these lists. Bye, Niek van der Maas MaasOnline http://maas-online.nl/ Mozilla Products Remote Crash Vulnerability =========================================== Vendor : The Mozilla Organisation Product(s) : Navigator, Firefox, other Gecko based products Version(s) : All released versions Platform(s) : All platforms (confirmed on Windows, Linux and SunOS) Discovered by : Niek van der Maas, MaasOnline (http://maas-online.nl/) Advisory URL : http://maas-online.nl/security/advisory-mozilla-crash.txt DESCRIPTION While working on one of my projects I discovered a vulnerability in Firefox, allowing a attacker to crash the browser. Further investigation learned that this vulnerability also applies on other Mozilla products, like Navigator. All platforms and versions are affected. The crash occurs when a one-line JavaScript is executed which tries to print an iframe. The crash does not occur when executing this JavaScript in the 'onload' tag or after clicking a link (i.e., 'onclick'). PROOF OF CONCEPT The vulnerability can be exploited with the following 2 lines of code: <iframe id="pocframe" name="pocframe" src="about:blank"></iframe> <script type="text/javascript">window.frames.pocframe.print();</script> A sample page containing these 2 lines is available at http://maas-online.nl/security/poc-mozilla-crash.html PATCH / WORKAROUND No patch is available at this time. The only solution is to disable JavaScript execution at all. VENDOR RESPONSE The bug (#272381) was opened 2004-11-30 in Bugzilla. Until now (2004-12-06), no response or confirmation is received. Contacting the Mozilla Security Team on IRC didn't help either, it seems that they're simply not interested. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Advisory] Mozilla Products Remote Crash Vulnerability Niek van der Maas (Dec 06)
- Re: [Advisory] Mozilla Products Remote Crash Vulnerability Kevin Finisterre (Dec 06)
- Re: [Advisory] Mozilla Products Remote Crash Vulnerability Heikki Toivonen (Dec 06)
- Re: [Advisory] Mozilla Products Remote Crash Vulnerability Juergen Schmidt (Dec 07)
- Re: [Advisory] Mozilla Products Remote Crash Vulnerability Heikki Toivonen (Dec 07)
- Re: [Advisory] Mozilla Products Remote Crash Vulnerability Heikki Toivonen (Dec 06)
- Re: [Advisory] Mozilla Products Remote Crash Vulnerability Kevin Finisterre (Dec 06)
- <Possible follow-ups>
- Re: [Advisory] Mozilla Products Remote Crash Vulnerability Berend-Jan Wever (Dec 06)
- [Advisory] Mozilla Products Remote Crash Vulnerability PERFECT.MATERIAL (Dec 06)