lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060412233024.3941.qmail@securityfocus.com>
Date: 12 Apr 2006 23:30:24 -0000
From: bugtraq@...ph3us.org
To: bugtraq@...urityfocus.com
Subject: [BuHa-Security] DoS Vulnerability in Firefox 1.5.0.1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

 ---------------------------------------------------
| BuHa Security-Advisory #9     |    Apr 12th, 2006 |
 ---------------------------------------------------
| Vendor   | Mozilla Firefox                        |
| URL      | http://www.mozilla.com/firefox/        |
| Version  | <= 1.5.0.1                             |
| Risk     | Low (DoS - Null Pointer Dereference)   |
 ---------------------------------------------------

o Description:
=============

The award-winning Web browser is better than ever. Browse the Web
with confidence - Firefox protects you from viruses, spyware and
pop-ups. Enjoy improvements to performance, ease of use and privacy.

Visit http://www.mozilla.com/firefox/ for detailed information.

o Denial of Service:
===================

Following HTML source forces Firefox <= 1.5.0.1 to crash:
> <legend>
>  <kbd>
>    <object>
>      <h4>
>    </object>
>  </kbd>

Online-demo:
http://morph3us.org/security/pen-testing/firefox/firefox1501-nsBlockFrame.html

The access violation results in a non-exploitable Null Pointer Dereference.

o Disclosure Timeline:
=====================

01 Oct 05 - DoS vulnerability discovered.
15 Dec 05 - Vendor contacted.
15 Dec 05 - Vendor confirmed vulnerability.
02 Feb 06 - Fixed on 1.x branches.
12 Apr 06 - Public release.

o Solution:
==========

The upcoming versions of Firefox (1.0.8 and 1.5.0.2) will address this
issue.

o Credits:
=========

Thomas Waldegger <bugtraq@...ph3us.org>
BuHa-Security Community - http://buha.info/board/

If you have questions, suggestions or criticism about the advisory feel
free to send me a mail. The address 'bugtraq@...ph3us.org' is more a
spam address than a regular mail address therefore it's possible that
some mails get ignored. Please use the contact details at
http://morph3us.org/ to contact me.

Greets fly out to cyrus-tc, destructor, nait, rhy, trappy and all
members of BuHa.

Advisory online:
http://morph3us.org/advisories/20060412-firefox-1501.txt

-----BEGIN PGP SIGNATURE-----
Version: n/a
Comment: http://morph3us.org/

iD8DBQFEPVY0kCo6/ctnOpYRA02MAJ44HoaPKmgnii3+uM7RBNA5WsJ2BgCdHTdM
e3SnWFYbwoCSftadTtIfzr0=
=dVrF
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ