lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 6 Dec 2004 15:24:58 +0100
From: Niek van der Maas <niekvdmaas@...il.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: [Advisory] Mozilla Products Remote Crash Vulnerability


Hi,

I'm posting it here, the Mozilla guys didn't want to answer or even
confirm this bug. No idea whether this one is exploitable or not, I'll
leave that over to the readers of these lists.
Bye,

Niek van der Maas
MaasOnline
http://maas-online.nl/


Mozilla Products Remote Crash Vulnerability
===========================================

Vendor        : The Mozilla Organisation
Product(s)    : Navigator, Firefox, other Gecko based products
Version(s)    : All released versions
Platform(s)   : All platforms (confirmed on Windows, Linux and SunOS)
Discovered by : Niek van der Maas, MaasOnline (http://maas-online.nl/)
Advisory URL  : http://maas-online.nl/security/advisory-mozilla-crash.txt


DESCRIPTION
  While working on one of my projects I discovered a vulnerability in Firefox,
  allowing a attacker to crash the browser. Further investigation learned that
  this vulnerability also applies on other Mozilla products, like Navigator.
  All platforms and versions are affected.
  The crash occurs when a one-line JavaScript is executed which tries to print
  an iframe. The crash does not occur when executing this JavaScript in the
  'onload' tag or after clicking a link (i.e., 'onclick').


PROOF OF CONCEPT
  The vulnerability can be exploited with the following 2 lines of code:
    <iframe id="pocframe" name="pocframe" src="about:blank"></iframe>
    <script type="text/javascript">window.frames.pocframe.print();</script>
  A sample page containing these 2 lines is available at
    http://maas-online.nl/security/poc-mozilla-crash.html


PATCH / WORKAROUND
  No patch is available at this time. The only solution is to disable JavaScript
  execution at all.


VENDOR RESPONSE
  The bug (#272381) was opened 2004-11-30 in Bugzilla.
  Until now (2004-12-06), no response or confirmation is received. Contacting
  the Mozilla Security Team on IRC didn't help either, it seems that they're
  simply not interested.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ