<<< Date Index >>>     <<< Thread Index >>>

Re: Firefox / IE6 crash on javascript nested loops



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As nice workaround you can use the NoScript-Addon
https://addons.mozilla.org/en-US/firefox/addon/722

Regards,
Jan
thabob schrieb:
> ground418 security advisory
> 
> Date: 30-10-2007
> Subject: Firefox / IE6 crash on javascript nested loops
> Author: Vincent Audet Menard
> Original file: http://www.ground418.org/exploits/read.php?file=07-ffox-loops
> Risk: low
> 
> Tested on: IE6, IE7, Firefox, Safari
> Vulnerable: IE6 and older, Firefox 2.0.0.8 and older (mac, window, linux)
> Not Vulnerable: IE7, Safari 2.0.4
> 
> -[ Remote Firefox / IE6 crash ]
> 
> It's possible to crash and/or force the user to kill Firefox 2.0.0.8
> and IE6 by coding an endless loop using javascript functions onblur()
> and onfocusout(). By using 2 text input fields that are respectively
> setting focus on each other, you can force the user to quit the
> browser and eventually crash it if the user holds the enter key when a
> javascript alert window appears.
> 
> This bug seems to be fixed in Internet Explorer 7, Microsoft seems to
> have added a counter that limits the number of consecutive pop-up
> alerts.
> A variation of that bug has been reported to firefox a few years ago
> (see related file), but seems to never have been posted on official
> security channels.
> 
> -[ Related files ]
> 
> Original file:
> http://www.ground418.org/exploits/read.php?file=07-ffox-loops
> 
> Proof of concept available on (at your own risk):
> http://www.ground418.org/exploits/archived/ffox2-poc.html
> 
> Related on bugzilla
> https://bugzilla.mozilla.org/show_bug.cgi?id=302787
> 
> ---
> Vincent A. Ménard
> CTO - Heptacube inc.
> http://www.heptacube.com
> 
> 


- --
Grupo Ampersand S.A.
IT-Security Consultants & Auditors
Apdo. 924  Escazu 1250
Costa Rica C.A.
Phone: (506)588-0432
ceo_at_ampersanded.com  [corp.]
janheisterkamp_at_web.de [priv.]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHJ5LwPPNzabyjTq4RAk9gAJ9yMvOsIRWXZCzu4k7/fPjutXZBLgCeO2iM
o5xJqS+r7Bit01gZY/MKs8A=
=s81h
-----END PGP SIGNATURE-----