New Firefox vulnerability – DoS and [DELETED] – UPDATED



This has just been posted to Bugtraq.

For now you can test whether your version is vulnerable here (this will cause Firefox to close).

So far Firefox 1.5.0.7 and 2.0 (Linux) have been tested, and both are vulnerable. Firefox 1.0.7 (Win32) is not vulnerable.

The code used on the test page and the one submitted to Bugtraq can be found here.

Severity: … not really

Update: This attack does not allow remote code execution! It has been posted on the mailing lists and several news sites.


Posted in: Exploits/Vulnerabilities


6 Responses to New Firefox vulnerability – DoS and [DELETED] – UPDATED

  1. Michael B October 31, 2006 at 9:12 pm #

    2.0 on Mac OS X also died.

  2. Richard November 3, 2006 at 2:01 am #

    Thank you for the test. My version 2 is vulnerable.

  3. Jacob November 6, 2006 at 8:32 pm #

    Firefox 2.0 /w NoScript didn’t crash.

  4. Gouki November 6, 2006 at 11:56 pm #

    Disabling Java and JavaScript is enough.

Trackbacks/Pingbacks

  1. links for 2006-10-31 « kobak del.icio.us könyvjelzői - October 31, 2006

    […] New Firefox vulnerability – DoS and Remote Code Execution » Firefox security hole, plus info on how to test it. (tags: firefox vulnerablity securityhole) […]

  2. MySecured.com · FireFox 2 Vulnerable! - November 1, 2006

    […] As I said before, it’s about time! Now a proof of concept has been released for this DoS attack. Here is the link: http://www.darknet.org.uk/2006/10/new-firefox-vulnerability-dos-and-remote-code-execution/ […]