[aklug] Mozilla Firefox 14.01 Denial Of Service

From: Christopher Howard <christopher.howard@frigidcode.com>
Date: Sat Aug 18 2012 - 11:24:46 AKDT

Interesting report of an easy-to-craft JavaScript exploit for Firefox 14:

http://packetstormsecurity.org/files/115648/Mozilla-Firefox-14.01-Denial-Of-Service.html

Basically just uses JavaScript to create a document with infinite
characters that exhausts application memory. The exploit was tested on
a Windows 7 box, and it crashed Firefox. I tested it on my Gentoo
Linux box, and Firefox instead stopped the script after the memory was
exhausted. However, after running the script 10 or 11 times, Xorg
actually froze up and I had to do a reboot.

Here is a reproduction of the exploit code (WARNING: MAY HAVE HARMFUL
EFFECTS):

https://frigidcode.com/code/firefox-crash.html

--
frigidcode.com
indicium.us
Received on Sat Aug 18 11:19:16 2012