| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Jun 2006 21:47:59 +0200 From: Ronald van den Blink <ronald@...urityview.org> To: bugtraq@...urityfocus.com Subject: Re: Fire fox dos exploit Oke, we've tested this one (see http://www.securityview.org/firefox- marquee-bug.html) because at first we weren't able to let FF crash. The results are on the site, but the bug is well known and it is not more then an annoying thing.... All the credits goes to n00b for making the PoC, but it is a well known bug, time for the FF-devvers to fix this one.... With regards Ronald van den Blink SecurityView.org On 31 May, 2006, at 22:39, Co296@....com wrote: Just to keep you informed i have had the following email from www.imperfectnetworks.com Just so you know what version's are afected thnx .. email: I was able to use this proof of concept code with the following results: With Firefox 1.0.8 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060418 Fedora/1.0.8-1.1.fc4 Firefox/1.0.8) I was able to cause a resource exhaustion with firefox increasing cpu cycles and memory allocation well beyond normal utilization but without crashing. With Firefox 1.5.0.3 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3) Firefox causes resource exhaustion to the point of crashing the application.
Powered by blists - more mailing lists