Slashdot Mirror


Mozilla Firefox 1.0.7 DoS Exploit

An anonymous reader writes "Whitedust Security are reporting on a new exploit for Firefox which apparently affects all versions of the browser from 1.0.7 down. From the article: "If this exploit has made it out into, or indeed been retrieved from the wild is unknown at this time. However it is clear that this exploit will indeed need patching as soon as possible.""

7 of 438 comments

  1. totally off guard by Tufriast · · Score: 5, Informative

    I checked out the Mozilla site -- not a peep about it. I made a post there. I figure this one totally right hooked them. It's a pretty massive crash. Just makes the whole browser lock up. At least I know they'll fix it fast though...I think in 24 hours we'll see a turn around. Anyone try this with version 1.5?

    --
    Help me, help you. - Jerry McGuire
    1. Re:totally off guard by tbspit · · Score: 5, Informative

      Version 1.5 is not affected.

    2. Re:totally off guard by mrgavins · · Score: 5, Informative

      Maybe because it's already fixed? Maybe because it's hardly a security issue? This is bugzilla bug 210658, it was filed in 2003, and fixed for 1.5 15 months later.

      --
      Gavin Sharp
  2. Re:Brilliant header! by Hey+Pope+Felcher+.+. · · Score: 5, Informative

    . . . RTFA,

    milw0rm.com have released proof of concept code for a denial of service exploit which apparently affects all versions of the Mozilla Foundation's popular Firefox browser from version 1.0.7 downward.

    Remember, on Slashdot always read the article, it is generally only a coincidence if the summary has any bearing on the actual linked text.

  3. Exploit by Anonymous Coward · · Score: 5, Informative

    The exploit is:

    <html><body><strong>Mozilla<sourcetext></body></html>

    and it also makes Mozilla suite 1.7.12 hang.

    The sourcetext tag is used when a parser error occurs; the Mozilla DOMParser will accept any string and always returns a valid XML DOM object, but in the case that the string was malformed, it returns something like this:

    <parsererror xmlns="http://www.w3.org/1999/xhtml">XML Parsing Error: mismatched tag. Expected: </strong>. Location: file:///1253.html Line Number 3, Column 37:<sourcetext> (text here) </sourcetext></parsererror>

    which you may have seen formatted before in a nice red-on-yellow page.
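
The DOMParser behaviour described in the comment above means a caller has to look for the error document itself, because no exception is raised. The following is an added example, not code from the post or from Mozilla; `readErrorReport`, `parseXmlStrict` and the injectable `Parser` argument are hypothetical names, and the sample report is constructed from the text quoted in the comment.

```javascript
// Added example: fail closed when DOMParser reports an error instead of throwing.
// readErrorReport and parseXmlStrict are hypothetical helper names.

// Constructed sample: text content of the <parsererror> quoted in the comment above.
const SAMPLE_REPORT =
  'XML Parsing Error: mismatched tag. Expected: </strong>. ' +
  'Location: file:///1253.html Line Number 3, Column 37: (text here) ';

const REPORT_RE =
  /^XML Parsing Error:\s*([\s\S]*?)\s*Location:\s*(\S+)\s*Line Number (\d+), Column (\d+):/;

// Pull the structured fields out of a Mozilla-style error report.
// Returns null for text in any other shape (other engines word it differently).
function readErrorReport(text) {
  const m = REPORT_RE.exec(String(text).trim());
  if (!m) return null;
  return { message: m[1], location: m[2], line: Number(m[3]), column: Number(m[4]) };
}

// Parse untrusted XML and throw on malformed input. parseFromString() does not
// throw for XML syntax errors; it returns a document containing <parsererror>.
// Parser is injectable so the function can be exercised outside a browser.
function parseXmlStrict(xml, Parser = globalThis.DOMParser) {
  const doc = new Parser().parseFromString(xml, 'application/xml');
  const err = doc.getElementsByTagName('parsererror')[0];
  if (!err) return doc;
  // Caveat: a well-formed document that itself contains an element named
  // parsererror is also rejected; that is the safe direction for this check.
  const report = readErrorReport(err.textContent);
  const e = new SyntaxError(report ? report.message : 'XML parse error');
  e.report = report; // structured details for logging, null if unrecognised
  throw e;
}
```

In a browser, call `parseXmlStrict(text)` with no second argument so the built-in `DOMParser` is used.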

  4. Who cares? by brunes69 · · Score: 5, Informative

    So clicking on a link can lock up the browser. So what?

    How is this any different from this, which effectively locks up *all* current browsers?

    <script>
    while(true){
    alert('Haha!');
    }
    </script>

    This is hardly important. I don't see any way this can crash my machine or infect me with a trojan.

    PS if you want a fix for the above vote for bug 61098 at bugzilla.

  5. Re:Nomenclature... by gowen · · Score: 5, Informative

    i) Web browsing isn't a server process, it's a client process.
    ii) You can kill the browser and go to another web page. Hell, you can just start another instance of the web browser. Which must take all of three nanoseconds.

    If you prevent login, or send a SYN flood that prevents http connections, you can't just restart the appropriate service. If you really can't see why causing a client to crash is different from preventing a server from functioning, I suggest you look in some elementary computer science textbooks.

    I don't have any more time to explain the basics to fools.

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.