Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Firefox / IE6 crash on javascript nested loops

from [thabob] Network Security [Permanent Link]
Subject: Firefox / IE6 crash on javascript nested loops
Date: Tue, 30 Oct 2007 14:15:09 -0400 
ground418 security advisory

Date: 30-10-2007
Subject: Firefox / IE6 crash on javascript nested loops
Author: Vincent Audet Menard
Original file: http://www.ground418.org/exploits/read.php?file=07-ffox-loops
Risk: low

Tested on: IE6, IE7, Firefox, Safari
Vulnerable: IE6 and older, Firefox 2.0.0.8 and older (mac, window, linux)
Not Vulnerable: IE7, Safari 2.0.4

-[ Remote Firefox / IE6 crash ]

It's possible to crash and/or force the user to kill Firefox 2.0.0.8
and IE6 by coding an endless loop using javascript functions onblur()
and onfocusout(). By using 2 text input fields that are respectively
setting focus on each other, you can force the user to quit the
browser and eventually crash it if the user holds the enter key when a
javascript alert window appears.

This bug seems to be fixed in Internet Explorer 7, Microsoft seems to
have added a counter that limits the number of consecutive pop-up
alerts.
A variation of that bug has been reported to firefox a few years ago
(see related file), but seems to never have been posted on official
security channels.

-[ Related files ]

Original file:
http://www.ground418.org/exploits/read.php?file=07-ffox-loops

Proof of concept available on (at your own risk):
http://www.ground418.org/exploits/archived/ffox2-poc.html

Related on bugzilla
https://bugzilla.mozilla.org/show_bug.cgi?id=302787

---
Vincent A. Ménard
CTO - Heptacube inc.
http://www.heptacube.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] iDefense Security Advisory 10.30.07: IBM AIX bellmail Stack Buffer Overflow Vulnerability, iDefense Labs
Next by Date:  Re: Firefox / IE6 crash on javascript nested loops, Jan Heisterkamp
Previous by Thread:  [Full-disclosure] iDefense Security Advisory 10.30.07: IBM AIX bellmail Stack Buffer Overflow Vulnerability, iDefense Labs
Next by Thread:  Re: Firefox / IE6 crash on javascript nested loops, Jan Heisterkamp
Indexes:  [Date] [Thread] [Top] [All Lists]