New Firefox vulnerability – DoS and [DELETED] – UPDATED
Tiago Faria spilled these bits on October 31st 2006 @ 7:38 pm

This has just been posted to Bugtraq.

For now you can test if your version is vulnerable, here. (will cause Firefox to close)

So far Firefox 1.5.0.7 and 2.0 (Linux) have been tested, and both vulnerable. Firefox 1.0.7 (Win32), not vulnerable.

The code used on the test page and the one submitted to Bugtraq can be found here.

Severity: … not really

Update: This attack does not allow remote code execution! It has been posted on the mailing lists and several news sites.

Tags:  ,  ,  ,  ,  

rss Subscribe to Darknet RSS Feed rss

| 4,058 views |

comments are closed
  1. Michael B
    October 31st, 2006 | 9:12 pm

    2.0 on Mac OS X also died.

  2. pingback

    [...] New Firefox vulnerability – DoS and Remote Code Execution » firefox biztonsagi res, plusz infok, hogy lehet tesztelni. (tags: firefox vulnerablity securityhole) [...]

  3. pingback

    [...] As I said before, it’s about time! Now a proof of concept has been released for this DoS attack. Here is the link: http://www.darknet.org.uk/2006/10/new-firefox-vulnerability-dos-and-remote-code-execution/ [...]

  4. November 3rd, 2006 | 2:01 am

    Thank you for the test. My version 2 is vulnerable.

  5. November 6th, 2006 | 8:32 pm

    Firefox 2.0 /w NoScript didn’t crash.

  6. November 6th, 2006 | 11:56 pm

    Disabling Java and JavaScript is enough.

Sitemap - ShaolinTiger - DigiSniper - Digital Photography
Shutter Asia Photography Forum - We Ate This