mailing list archives
Re: Firefox 22.214.171.124 Exploit
From: "Robert McGrew" <wesleymcgrew () gmail com>
Date: Thu, 2 Nov 2006 14:20:40 -0600
On 2 Nov 2006 16:43:35 -0000, koenig () d-e-k-a-d-e-n-t de
<koenig () d-e-k-a-d-e-n-t de> wrote:
Do 2 Nov 16:35:53 CET 2006
Vulnerable: Firefox 126.96.36.199 and probably versions below
Impact: DoS (perhaps Code Execution)
As Firefox 2.0 was released a few days ago...
A "new" Exploit for the old version!
The great Firefox! ;D
On Kubuntu Linux the exploits does not just kill firefox
but freezes the whole system! Probably it will also freeze
If the URL is bigger than 4092 bytes, Firefox crashes!
The URL in the following code is 4093 bytes!
Always looking for a nice talk: http://d-e-k-a-d-e-n-t.de/blog
Could not replicate this on Firefox 188.8.131.52 on Ubuntu 6.06. Tried
with 8k of 'a''s even and no luck:
perl -e "print '<html><body><a href=\"http://' . 'a'x8192 .
'.de\">DoS</a></body></html>'" > test.html
If I click on the link and go up to my address bar, I can see that it
even manages to pass along the entire thing up to the '.de'.
Robert Wesley McGrew