Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit
From: information security <informationhacker08 () gmail com>
Date: Sun, 14 Feb 2010 08:46:30 +0530


# Title: Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service
# EDB-ID: 11432
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Asheesh kumar Mani Tripathi
# Published: 2010-02-13
# Verified: yes
# Download Exploit Code <http://www.exploit-db.com/download/11432>
# Download N/A

view source <http://www.exploit-db.com/exploits/11432#viewSource>
print <http://www.exploit-db.com/exploits/11432#printSource>?<http://www.exploit-db.com/exploits/11432#about>


                      Mozilla Firefox 3.6 (Multitudinous looping )Denial of
Service Exploit



                                            Asheesh Kumar Mani Tripathi

# code by Asheesh kumar Mani Tripathi

# email informationhacker08 () gmail com

# company       aksitservices

# Credit by Asheesh Anaconda

#Download www.mozilla.com/firefox


Mozilla Firefox is a popular internet browser. .....:)

This bug is a typical result of multitudinous  loop.
The flaw exists when the attacker put window.printer() funtion
in multitudinous loop.User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.

Browser doesn't respond any longer to any user input, all tabs are no
longer accessible, your work if any   might be lost.

#Proof of concept
copy the code in text file and save as "asheesh.html" open in Mozilla



<title>asheesh kumar mani tripathi</title>


window.onerror=new Function("history.go(0)");




#If you have any questions, comments, or concerns, feel free to contact me.
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit information security (Feb 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]