Bugtraq mailing list archives
Re[2]: [Full-disclosure] Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)
From: Thierry Zoller <Thierry () Zoller lu>
Date: Wed, 27 May 2009 20:38:18 +0200
Hi Jim,
Read again:
Affected : All Firefox versions that support SVG.
Then think about what version of Firefox you are using.
JP> If I understand the process, saving the text at [IV. Proof of
JP> concept] (following the "~~~..." to an .XHTML file, and launch the
JP> file using Firefox, I should lose functionality ("Browser doesn't
JP> respond any longer to any user input, all tabs are no longer
JP> accessible, your work if any (hail to the web 2.0) might be lost.")
JP> Using FF2.0.0.20 and the file does not result in loss of use. All
JP> tabs are functional. All JAVA links continue function. Same
JP> result for naming the POC file to .HTML, .HTM.
Thierry Zoller <Thierry () Zoller lu> 05/26/2009 13:13 >>>
JP> For those that failed to reproduce, try naming the POC file with an XHTML JP> extension. JP> _______________________________________________ JP> Full-Disclosure - We believe in it. JP> Charter: http://lists.grok.org.uk/full-disclosure-charter.html JP> Hosted and sponsored by Secunia - http://secunia.com/ -- http://blog.zoller.lu Thierry Zoller
Current thread:
- Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Thierry Zoller (May 27)
- Re: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Jim Parkhurst (May 27)
- Re[2]: [Full-disclosure] Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Thierry Zoller (May 27)
- Re[2]: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Vladimir '3APA3A' Dubrovin (May 27)
- Re: Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Jim Parkhurst (May 27)