Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Firefox Exploit
From: "Robert McGrew" <wesleymcgrew () gmail com>
Date: Thu, 2 Nov 2006 14:20:40 -0600

On 2 Nov 2006 16:43:35 -0000, koenig () d-e-k-a-d-e-n-t de
<koenig () d-e-k-a-d-e-n-t de> wrote:

Do 2 Nov 16:35:53 CET 2006

Vulnerable: Firefox and probably versions below

Impact: DoS (perhaps Code Execution)

As Firefox 2.0 was released a few days ago...
A "new" Exploit for the old version!
The great Firefox! ;D

On Kubuntu Linux the exploits does not just kill firefox
but freezes the whole system! Probably it will also freeze
other distros!

If the URL is bigger than 4092 bytes, Firefox crashes!
The URL in the following code is 4093 bytes!

Greets: Oli

Always looking for a nice talk: http://d-e-k-a-d-e-n-t.de/blog

Could not replicate this on Firefox on Ubuntu 6.06.  Tried
with 8k of 'a''s even and no luck:

perl -e "print '<html><body><a href=\"http://&apos; . 'a'x8192 .
'.de\">DoS</a></body></html>'" > test.html

If I click on the link and go up to my address bar, I can see that it
even manages to pass along the entire thing up to the '.de'.

Robert Wesley McGrew

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]