Oke, we've tested this one (see http://www.securityview.org/firefox-
marquee-bug.html) because at first we weren't able to let FF crash.
The results are on the site, but the bug is well known and it is not
more then an annoying thing....
All the credits goes to n00b for making the PoC, but it is a well
known bug, time for the FF-devvers to fix this one....
With regards
Ronald van den Blink
SecurityView.org
On 31 May, 2006, at 22:39, Co296 (at) aol (dot) com [email concealed] wrote:
Just to keep you informed i have had the following email from
www.imperfectnetworks.com
Just so you know what version's are afected thnx ..
email:
I was able to use this proof of concept code with the following results:
With Firefox 1.0.8 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13)
Gecko/20060418 Fedora/1.0.8-1.1.fc4 Firefox/1.0.8)
I was able to cause a resource exhaustion with firefox increasing cpu
cycles and memory allocation well beyond normal utilization but without
crashing.
With Firefox 1.5.0.3 (Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3)
Firefox causes resource exhaustion to the point of crashing the
application.
Oke, we've tested this one (see http://www.securityview.org/firefox-
marquee-bug.html) because at first we weren't able to let FF crash.
The results are on the site, but the bug is well known and it is not
more then an annoying thing....
All the credits goes to n00b for making the PoC, but it is a well
known bug, time for the FF-devvers to fix this one....
With regards
Ronald van den Blink
SecurityView.org
On 31 May, 2006, at 22:39, Co296 (at) aol (dot) com [email concealed] wrote:
Just to keep you informed i have had the following email from
www.imperfectnetworks.com
Just so you know what version's are afected thnx ..
email:
I was able to use this proof of concept code with the following results:
With Firefox 1.0.8 (Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13)
Gecko/20060418 Fedora/1.0.8-1.1.fc4 Firefox/1.0.8)
I was able to cause a resource exhaustion with firefox increasing cpu
cycles and memory allocation well beyond normal utilization but without
crashing.
With Firefox 1.5.0.3 (Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3)
Firefox causes resource exhaustion to the point of crashing the
application.
[ reply ]