New Firefox vulnerability – DoS and [DELETED] – UPDATED
This has just been posted to Bugtraq.
For now, you can test whether your version is vulnerable here (this will cause Firefox to close).
So far Firefox 1.5.0.7 and 2.0 (Linux) have been tested, and both are vulnerable. Firefox 1.0.7 (Win32) is not vulnerable.
The code used on the test page and the one submitted to Bugtraq can be found here.
Severity: … not really
Update: This attack does not allow remote code execution! It has been posted on the mailing lists and several news sites.

2.0 on Mac OS X also died.
Thank you for the test. My version 2 is vulnerable.
Firefox 2.0 /w NoScript didn’t crash.
Disabling Java and JavaScript is enough.