Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Firefox 1.0.7 DoS Exploit

Posted by Hemos on from the to-be-confirmed-or-not-confirmed dept.

An anonymous reader writes "Whitedust Security are reporting on a new exploit for Firefox which apparently affects all versions of the browser from 1.0.7 down. From the article: "If this exploit has made it out into, or indeed been retrieved from the wild is unknown at this time. However it is clear that this exploit will indeed need patching as soon as possible.""

17 of 438 comments (clear)

  1. Brilliant header! by brian0918 · · Score: 2, Funny

    A 1.0.7 exploit that only affects everything below 1.0.7!

    1. Re:Brilliant header! by rincebrain · · Score: 1, Funny

      Yes - in that vein, how can you patch a bug that's already patched?

      --
      It's only an insult if it's not true.
  2. How come there are so many nice hackers? by jkind · · Score: 5, Funny

    Why are there so many nice hackers in the world? Willing to spend their time finding exploits, post them, and even a "safe" example. Do they take pride in helping the surfing community? Why don't they just hijack the world's browsers and make us choose between "Yes" and "Okay" on their PayPal deposit sites?
    Where are the evil hackers, or have they all converted, scared about stiff http://news.bbc.co.uk/1/hi/technology/4249780.stm penalties?

    --
    ~jennifer.k~
  3. Very vague by fa_pa · · Score: 2, Funny

    OMG there is an exploit for firefox but we don't know anything about it but it might be dangerous. i need to switch back to IE maybe...

    1. Re:Very vague by Agret · · Score: 1, Funny

      Dangerous? It's a DoS exploit. It causes your browser to lock up. Nothing to see here, move along.

      --
      Have you metaroderated recently?
  4. Worm Code by Agret · · Score: 3, Funny

    What follows is the source code made avaliable on the site.

    Mozilla

    # milw0rm.com [2005-10-16]

    I have 1.0.7 and it caused me to crash :(

    --
    Have you metaroderated recently?
  5. Re:is this NOT an OLD version by BushCheney08 · · Score: 1, Funny

    Hey dipshit. Wake up! This is like me saying "I'm running Vista. Why are they bothering posting information on XP exploits?"

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  6. Obviously... by supersocialist · · Score: 1, Funny

    ...the RIAA has finally managed to lock up all malicious computer users. It's about time!

  7. Re:How come... by ArsenneLupin · · Score: 2, Funny
    not to mention global warming will continue"...

    You got it all wrong. That particular problem has more to do with Athlon processors than with Internet Exploder.

  8. Re:So... by Anonymous Coward · · Score: 0, Funny
    (goatse is a bigger "exploit" and generally leads to complete machine shutdown/restart as you attempt to hide it from your colleagues)

    No, no, no... goatse is a bigger hole, but not a security hole...

  9. A browser DoS? by courtarro · · Score: 4, Funny

    It's hardly news to be able to DoS a browser. I DoS both FF and IE regularly while working on DHTML scripts, often when I use a debugging "alert" in the wrong place. Try this one and see how much farther you get during your morning browsing:

    <html>
    <body onmousemove="while(1) alert('ooooh');">
    &nbsp;
    </body>
    </html>

    Watch out before you run it! You wouldn't want to lose that Xanga post you've been working on.

  10. Re:How come... by mysticgoat · · Score: 2, Funny

    [about slashdot's 'failure' to treat MS and FOSS screw-ups with equal equanimity] Why not offer equal critiques, and understanding, for any product regardless.

    It has taken more than a decade of loathsome business practices, corrupt corporate ethics, and abusively bad coding practices for Microsoft to earn the unique status it holds on Slashdot and other fora where people who've been in the business for a while congregate. Would you deny Microsoft the community recognition it has strived so hard for so long to achieve?

  11. Mo$illa is evil... by feepness · · Score: 4, Funny

    When will they wake up and stop releasing buggy software.

    I will not have any of their software on my computer. I ONLY use Microsoft products.

  12. Re:Not too big a deal by tomatensaft · · Score: 2, Funny

    They haven't yet fixed this bug as well (I tried it today, and my Firefox 1.0.7 crashed)...

    <script>
    a = new Array(); while (1) { (a = new Array(a)).sort(); }
    </script>

  13. Re:Not too big a deal by maxwell+demon · · Score: 3, Funny
    I reported some DOS bugs against firefox

    I didn't know there's a DOS port of Firefox. :-)
    --
    The Tao of math: The numbers you can count are not the real numbers.
  14. Re:The operative word is "attack". by drstock · · Score: 3, Funny

    If you crash your car into a tree, did that tree "attack" you?

    If you crash your car when driving over ice, did that ice "attack" you?

    If you drive your car off a bridge and into a lake, did that lake "attack" you?

    Yes, yes and yes. At least that's what I'm telling my insurance company.

    --
    My other comment is funny
  15. Re:totally off guard by nmb3000 · · Score: 5, Funny

    Version 1.0.7 on XP sure is. Crashed and burned bad.

    Don't worry about it guys. I sent Microsoft an Error Report so I'm sure they'll get right on the problem as well.

    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
    /)