| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43834DE2.9010701@cruzio.com> Date: Tue Nov 22 16:57:28 2005 From: dveditz at cruzio.com (Daniel Veditz) Subject: Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explorer JavaScript Window() Vulnerability Toufeeq Hussain wrote: >> Security Advisory (Reclassification) :: CT21-11-2005 >> ----------------------------------------------------- >> >> Title: Microsoft Internet Explorer JavaScript Window() >> Vulnerability > > Is it just me or did this exploit just DOS'ed my Firefox 1.0.7(Debian > Linux). > Just try the Windows XP Link given in the POC URL. > Firefox just hung with 100% CPU utilization. This does DOS Firefox (and the Mozilla Suite), tracked at https://bugzilla.mozilla.org/show_bug.cgi?id=317334 The problem appears to be related to trying to reflow Bi-directional text, we've chunked the 200K character prompt dialog into 66K internal chunks and appear to have a really sucky algorithm for doing so. Eventually Firefox will show the prompt dialog and continue on normally (where eventually can be up to a couple of minutes). -Dan Veditz
Powered by blists - more mailing lists