<<< Date Index >>>     <<< Thread Index >>>

Re: Firefox 1.5.0.7 Exploit



On 2 Nov 2006 16:43:35 -0000, koenig@xxxxxxxxxxxxxxxxxx
<koenig@xxxxxxxxxxxxxxxxxx> wrote:
<!--

Do 2 Nov 16:35:53 CET 2006

Vulnerable: Firefox 1.5.0.7 and probably versions below

Impact: DoS (perhaps Code Execution)


As Firefox 2.0 was released a few days ago...
A "new" Exploit for the old version!
The great Firefox! ;D

On Kubuntu Linux the exploits does not just kill firefox
but freezes the whole system! Probably it will also freeze
other distros!

If the URL is bigger than 4092 bytes, Firefox crashes!
The URL in the following code is 4093 bytes!

Greets: Oli

Always looking for a nice talk: http://d-e-k-a-d-e-n-t.de/blog

Could not replicate this on Firefox 1.5.0.7 on Ubuntu 6.06.  Tried
with 8k of 'a''s even and no luck:

perl -e "print '<html><body><a href=\"http://' . 'a'x8192 .
'.de\">DoS</a></body></html>'" > test.html

If I click on the link and go up to my address bar, I can see that it
even manages to pass along the entire thing up to the '.de'.

--
Robert Wesley McGrew
http://cse.msstate.edu/~rwm8/