31 October 2006 | 5,580 views

New Firefox vulnerability – DoS and [DELETED] – UPDATED

Prevent Network Security Leaks with Acunetix

This has just been posted to Bugtraq.

For now you can test if your version is vulnerable, here. (will cause Firefox to close)

So far Firefox 1.5.0.7 and 2.0 (Linux) have been tested, and both vulnerable. Firefox 1.0.7 (Win32), not vulnerable.

The code used on the test page and the one submitted to Bugtraq can be found here.

Severity: … not really

Update: This attack does not allow remote code execution! It has been posted on the mailing lists and several news sites.



Recent in Exploits/Vulnerabilities:
- XML Quadratic Blowup Attack Blows Up WordPress & Drupal
- Password Manager Security – LastPass, RoboForm Etc Are Not That Safe
- Hacking Your Fridge – Internet of Things Security

Related Posts:
- MS and the new IE vulnerability – Object Tag
- Mozilla Denies Firefox 3.5 Bug Is Exploitable
- Microsoft Breaks Patch Cycle to Issue IE Patch

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 227,315 views
- AJAX: Is your application secure enough? - 119,084 views
- eEye Launches 0-Day Exploit Tracker - 85,051 views

Low-cost VPS Hosting

6 Responses to “New Firefox vulnerability – DoS and [DELETED] – UPDATED”

  1. Michael B 31 October 2006 at 9:12 pm Permalink

    2.0 on Mac OS X also died.

  2. Richard 3 November 2006 at 2:01 am Permalink

    Thank you for the test. My version 2 is vulnerable.

  3. Jacob 6 November 2006 at 8:32 pm Permalink

    Firefox 2.0 /w NoScript didn’t crash.

  4. Gouki 6 November 2006 at 11:56 pm Permalink

    Disabling Java and JavaScript is enough.