Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)

To: "Jim Parkhurst" <JPARKHUR@xxxxxxxxxxxxxxx>
Subject: Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
From: "Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx>
Date: Wed, 27 May 2009 22:59:18 +0400
Cc: cert@xxxxxxxx, info@xxxxxxxxxxxxx, "full-disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>, <cve@xxxxxxxxx>, <nvd@xxxxxxxx>, <vuln@xxxxxxxxxxx>, "bugtraq" <bugtraq@xxxxxxxxxxxxxxxxx>, "Thierry Zoller" <Thierry@xxxxxxxxx>
In-reply-to: <4A1D1C77.1761.009C.3@xxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: http://www.security.nnov.ru
References: <10310049168.20090526201321@xxxxxxxxx> <4A1D1C77.1761.009C.3@xxxxxxxxxxxxxxx>
Reply-to: "Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx>

Dear Jim Parkhurst,

It  may  depend  on  video  card  and  video  drivers  and/or  amount of
memory/video  memory.  9  years  ago there was vulnerability in Internet
explorer          with          displaying         scaled         image:
http://securityvulns.com/advisories/ie5freeze.asp   results   were  also
different  on  different  hardware.  In some cases even mouse cursor was
frozen and reboot was only option.


--Wednesday, May 27, 2009, 7:56:56 PM, you wrote to cert@xxxxxxxx:

JP> If I understand the process, saving the text at [IV. Proof of
JP> concept] (following the "~~~..." to an .XHTML file, and launch the
JP> file using Firefox, I should lose functionality ("Browser doesn't
JP> respond any longer to any user input, all tabs are no longer
JP> accessible, your work if any  (hail to the web 2.0) might be lost.")

JP> Using FF2.0.0.20 and the file does not result in loss of use.
JP> All tabs are functional. All JAVA links continue function.  Same
JP> result for naming the POC file to .HTML, .HTM.

>>>> Thierry Zoller <Thierry@xxxxxxxxx> 05/26/2009 13:13 >>>


JP> For  those that failed to reproduce, try naming the POC file with an XHTML
JP> extension.



-- 
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/
Машина оказалась способной к единственному действию,
а именно умножению 2x2, да и то при этом ошибаясь. (Лем)

References:
- Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
  - From: Thierry Zoller
- Re: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
  - From: Jim Parkhurst

Prev by Date: Re: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
Next by Date: Re[2]: [Full-disclosure] [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
Previous by thread: Re[2]: [Full-disclosure] Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
Next by thread: [IMF 2009] 3rd Call - Deadline Extended
Index(es):
- Date
- Thread