Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Firefox 1.0.7 DoS Exploit

Posted by Hemos on from the to-be-confirmed-or-not-confirmed dept.

An anonymous reader writes "Whitedust Security are reporting on a new exploit for Firefox which apparently affects all versions of the browser from 1.0.7 down. From the article: "If this exploit has made it out into, or indeed been retrieved from the wild is unknown at this time. However it is clear that this exploit will indeed need patching as soon as possible.""

19 of 438 comments (clear)

  1. totally off guard by Tufriast · · Score: 5, Informative

    I checked out the Mozilla site -- not a peep about it. I made a post there. I figure this one totally right hooked them. It's a pretty massive crash. Just makes the whole browser lock up. At least I know they'll fix it fast though...I think in 24 hours we'll see a turn around. Anyone try this with version 1.5?

    --
    Help me, help you. - Jerry McGuire
    1. Re:totally off guard by tbspit · · Score: 5, Informative

      Version 1.5 is not affected.

    2. Re:totally off guard by mrgavins · · Score: 5, Informative

      Maybe because it's already fixed? Maybe because it's hardly a security issue? This is bugzilla bug 210658, it was filed in 2003, and fixed for 1.5 15 months later.

      --
      Gavin Sharp
    3. Re:totally off guard by nmb3000 · · Score: 5, Funny

      Version 1.0.7 on XP sure is. Crashed and burned bad.

      Don't worry about it guys. I sent Microsoft an Error Report so I'm sure they'll get right on the problem as well.

      --
      "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
      /)
  2. How come there are so many nice hackers? by jkind · · Score: 5, Funny

    Why are there so many nice hackers in the world? Willing to spend their time finding exploits, post them, and even a "safe" example. Do they take pride in helping the surfing community? Why don't they just hijack the world's browsers and make us choose between "Yes" and "Okay" on their PayPal deposit sites?
    Where are the evil hackers, or have they all converted, scared about stiff http://news.bbc.co.uk/1/hi/technology/4249780.stm penalties?

    --
    ~jennifer.k~
    1. Re:How come there are so many nice hackers? by FirienFirien · · Score: 5, Insightful

      Why are there so many nice hackers in the world? Because some people believe in things like morals and society? Because not everyone is corrupt? Apart from anything else there's always the chance that if someone is a 'nice' hacker then they can act as a model for others, and will get a little return on their investment of time by coming across a warning next time instead of a Yes/Okay dialog against them.

      People who don't want their friends/family affected, people who actually care about the world they live in. I'm surprised that you seem to believe that everyone would be malicious if they could.

      --
      Browsing with +2 to insightful posts and a higher threshold makes the average post seen seem a lot more ingenious
  3. Re:Brilliant header! by Hey+Pope+Felcher+.+. · · Score: 5, Informative

    . . . RTFA,

    milw0rm.com have released proof of concept code for a denial of service exploit which apparently affects all versions of the Mozilla Foundations popular Firefox browser from version 1.0.7 downward.

    Remember, on Slashdot always read the article, it is generally only a coincidence if the summary has any bearing on the actual linked text.

  4. Nomenclature... by gowen · · Score: 5, Insightful

    How long has a webpage that makes a browser crash been called a "Denial Of Service Exploit".

    A browser that can be crashed is a very bad thing, but suggesting this is some sort of "Denial Of Service" attack, is just semantics. It doesn't crash the box, and it doesn't flood/break the network. Every other service on your machine runs as normal. That's not a Denial Of Service by the usual definition of the term.

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    1. Re:Nomenclature... by gowen · · Score: 5, Insightful
      If you did exactly the same thing to, say, apache or proftpd or mysql
      They're all servers.

      Servers <=> Service <=> Denial Of Service.

      See how that works?
      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
    2. Re:Nomenclature... by MightyYar · · Score: 5, Insightful

      Wow... what a big ball of... nothing. All they did was find some html that crashes Firefox. Big deal! Have you seen Bugzilla lately? Should I just start randomly submitting bugs from Bugzilla, start calling them DOS exploits, and make the front page of Slashdot?

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    3. Re:Nomenclature... by gowen · · Score: 5, Informative

      i) Web browsing isn't a server process, it's a client process.
      ii) You can kill the browser and go to another web page. Hell, you can just start another instance of the web browser. Which must take all of three nanoseconds.

      If you prevent login, or send a SYN flood that prevents http connections, you can't just restart the appropriate service. If you really can't see why causing a client to crash is different from preventing a server from functioning, I suggest you look in some elementary computer science textbooks.

      I don't have time any more time to explain the basics to fools.

      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  5. So... by LiquidCoooled · · Score: 5, Insightful

    This can freeze your browser.

    Wheres the vulnerability? when does the spyware attack? Do I need to reinstall Windows?
    Should I buy a virus checker?

    Anyone stupid enough to host this "exploit" on their site are just dumb,
    "oooooh it makes your firefox freeze" BFD - stay away from dodgy parts of the net

    (goatse is a bigger "exploit" and generally leads to complete machine shutdown/restart as you attempt to hide it from your colleagues)

    --
    liqbase :: faster than paper
  6. Exploit by Anonymous Coward · · Score: 5, Informative

    The exploit is:

    <html><body><strong>Mozilla<sourcetext></body></ht ml>

    and it also makes Mozilla suite 1.7.12 hang.

    The sourcetext tag is used when a parser error occurs; the Mozilla DOMParser will accept any string and always returns a valid XML DOM object, but in the case that the string was malformed, it returns something like this:

    <parsererror xmlns="http://www.w3.org/1999/xhtml">XML Parsing Error: mismatched tag. Expected: </strong>. Location: file:///1253.html Line Number 3, Column 37:<sourcetext> (text here) </sourcetext></parsererror>

    which you may have seen formatted before in a nice red-on-yellow page.

  7. Who cares? by brunes69 · · Score: 5, Informative

    So clicking on a link can lock up the browser. So what?

    How is this any different from this, which effectively locks up *all* current browsers?

    <script>
    while(true){
    alert('Haha!');
    }
    <script>

    This is hardly important. I don't see any way this can crash my machine or infect me with a trojan.

    PS if you want a fix for the above vote for bug 61098] at bugzilla.

  8. Re:Not too big a deal by stevey · · Score: 5, Insightful

    Not necessarily.

    I reported some DOS bugs against firefox which will kill a browser by essentially saying:

    • Give me a table of 1000000 rows and 1000000 columns.

    The browser dies. Probably because it attempts to either a) allocate all the system's memory and the kernel kills it, or b) at some point memory allocation fails and the program terminates.

    Not all crashes are buffer overflows, or exploitable.

  9. Here is the exploit (the text of the html) by putko · · Score: 5, Interesting
    Here's the exploit:
    <html><body><strong>Mozilla<sourcetext></body></ht ml>
    Note: that last thing really is "html", but I think slashcode rewrites it.

    Any ideas as to what is going wrong?
    --
    http://www.thebricktestament.com/the_law/when_to_s tone_your_children/dt21_18a.html
  10. yeah, WTF? by subtropolis · · Score: 5, Insightful
    There's this exploit, see. Click here to try it. Go on, it's ok...

    I think the poll at the top of the page should ask, "Do you trust WhiteDust security?"

    Oh, wait - that's what the 'Test the exploit' link is for.

    --
    "Our interests are to see if we can't scale it up to something more exciting," he said.
  11. crasher bug != news by CNeb96 · · Score: 5, Insightful

    This crasher bug has no effect on my post 1.5 beta 2 version of firefox on Linux. Gecko/20051017. A new crasher bug is also not news. There are hundreds of ways to crash mozilla. Lets face it most browsers aren't at a state to jump every time there is a new bug to crash or "DOS Them" as the article states. Just another security site trying to make themselves look good at a products expense. How much money does it cause companies like the Mozilla Organization to release a new version of their browser, just to put an end to the bad press of a so called "exploit"?

  12. how's this possible by Douglas+Simmons · · Score: 5, Insightful
    Unless somehow this is truly "in the wild" sasser style, which I highly doubt, I'm more inclined to piss and moan for a fix for all these firefox process running away and ram leaking like ... the levees. But I guess that's just not as sexy a thing to get everyone all freaked out over. Or maybe I'm the only one opening up over a hundred tabs on my pr0n hunts.

    And let's suppose it is in the wild and to get infected I don't have to go to some Russian site selling stolen credit cards. Can anyone see how that could be possible? You'd have to go to a site knowingly and maliciously designed to exploit this, right?