On 2 Nov 2006 16:43:35 -0000, koenig (at) d-e-k-a-d-e-n-t (dot) de [email concealed]
<koenig (at) d-e-k-a-d-e-n-t (dot) de [email concealed]> wrote:
> <!--
>
> Do 2 Nov 16:35:53 CET 2006
>
> Vulnerable: Firefox 1.5.0.7 and probably versions below
>
> Impact: DoS (perhaps Code Execution)
>
>
> As Firefox 2.0 was released a few days ago...
> A "new" Exploit for the old version!
> The great Firefox! ;D
>
> On Kubuntu Linux the exploits does not just kill firefox
> but freezes the whole system! Probably it will also freeze
> other distros!
>
> If the URL is bigger than 4092 bytes, Firefox crashes!
> The URL in the following code is 4093 bytes!
>
> Greets: Oli
>
> Always looking for a nice talk: http://d-e-k-a-d-e-n-t.de/blog
Could not replicate this on Firefox 1.5.0.7 on Ubuntu 6.06. Tried
with 8k of 'a''s even and no luck:
<koenig (at) d-e-k-a-d-e-n-t (dot) de [email concealed]> wrote:
> <!--
>
> Do 2 Nov 16:35:53 CET 2006
>
> Vulnerable: Firefox 1.5.0.7 and probably versions below
>
> Impact: DoS (perhaps Code Execution)
>
>
> As Firefox 2.0 was released a few days ago...
> A "new" Exploit for the old version!
> The great Firefox! ;D
>
> On Kubuntu Linux the exploits does not just kill firefox
> but freezes the whole system! Probably it will also freeze
> other distros!
>
> If the URL is bigger than 4092 bytes, Firefox crashes!
> The URL in the following code is 4093 bytes!
>
> Greets: Oli
>
> Always looking for a nice talk: http://d-e-k-a-d-e-n-t.de/blog
Could not replicate this on Firefox 1.5.0.7 on Ubuntu 6.06. Tried
with 8k of 'a''s even and no luck:
perl -e "print '<html><body><a href=\"http://' . 'a'x8192 .
'.de\">DoS</a></body></html>'" > test.html
If I click on the link and go up to my address bar, I can see that it
even manages to pass along the entire thing up to the '.de'.
--
Robert Wesley McGrew
http://cse.msstate.edu/~rwm8/
[ reply ]