Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Firefox 1.0.7 DoS Exploit

Posted by Hemos on from the to-be-confirmed-or-not-confirmed dept.

An anonymous reader writes "Whitedust Security are reporting on a new exploit for Firefox which apparently affects all versions of the browser from 1.0.7 down. From the article: "If this exploit has made it out into, or indeed been retrieved from the wild is unknown at this time. However it is clear that this exploit will indeed need patching as soon as possible.""

2 of 438 comments (clear)

  1. Here is the exploit (the text of the html) by putko · · Score: 5, Interesting
    Here's the exploit:
    <html><body><strong>Mozilla<sourcetext></body></ht ml>
    Note: that last thing really is "html", but I think slashcode rewrites it.

    Any ideas as to what is going wrong?
    --
    http://www.thebricktestament.com/the_law/when_to_s tone_your_children/dt21_18a.html
  2. Hmmm.. security? by pavera · · Score: 4, Interesting

    OK, the IE fanboys are really stretching now. If crashing the browser is an "exploit" then that opens a whole new avenue of attack on IE. IE crashes like this (for me) far more often then firefox, and firefox crashes just about every time I visit a site with really involved flash or those really annoying smiley face banner ads (those are firefox killers).

    ctrl+alt+del kill process is a good workaround for this "extremely dangerous" exploit. Again if this is a security vulnerability, then flash is the greatest hacking tool against firefox. Java is probably the greatest hacking tool against IE.

    People are just really desparate for Firefox to have more bugs than IE. Thanks for finding some code that should probably be cleaned up, but crashing the browser is not in any way violating the security of the system on which the browser is running.