Kill Firefox 1.5 with remote exploit
packetstormsecurity.org — A simple DoS exploit for Firefox 1.5 was released today.. All you have to do is create a simple webpage with the following code.. Simply evil.
- 948 diggs
- DickBreath, on 10/12/2007, -0/+9 This is why I like FireFox's NoScript extension.
It basically whitelists sites that are allowed to run any JavaScript. I don't mind if, say, Google runs JavaScript. But I don't want every random site being able to do so unless I approve. With NoScript it is easy to approve. The NoScript icon (with a popup menu) appears in the status bar at the bottom.
- bonzooznob, on 10/12/2007, -0/+0 I'm sure the good folks at Mozilla are working on a patch for this.
- rokka, on 10/12/2007, -0/+0 Eats some memory but does not crash.
Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.8) Gecko/20051111 Firefox/1.5
- danielcole, on 10/12/2007, -0/+1 I saved the html in the link to a local file and ran it. My history.dat file went from 211k to 10,358k instantly. However, the exploit did not completely crash Firefox 1.5 as stated (at least for me). Firefox 1.5 worked fine after clicking on the bad code, then I closed it, and when trying to reopen Firefox it *did* come back up, but was much much slower than normal to load the GUI - about 2-3 minutes.
- Jackolicious, on 10/12/2007, -0/+0 Doesn't work. My Firefox is running fine.
- Killah_xxx, on 10/12/2007, -0/+0 Doesn't crash here either...
- hevnsnt, on 10/12/2007, -0/+0 Try changing 5000 to 10,000 and see how it works.
- epinephrine, on 10/12/2007, -0/+0 Seems to use 99-100% of my CPU on Linux for a while. I'm certain the guys at Mozilla are working on fixing this. I had forgotten about NoScript, going to install it now. :)
- hevnsnt, on 10/12/2007, -0/+0 Looks like the magic numbers are 10,000 for buffer 1 and 1000 on buffer 2
- tweeto, on 10/12/2007, -0/+0 Did anyone actually report this bug to mozilla???
- keng, on 10/12/2007, -1/+0 "from reopening their browser after being exploited. DoS if you will."
Wait, um, how do you DoS a browser? A DoS is about flooding a webserver with insane amounts of traffic that keep it from serving other customers. I don't think you can DoS a browser.
- carguy84, on 10/12/2007, -3/+0 C:\Program Files\Internet Explorer\iexplore.exe
;)
- alex007, on 10/12/2007, -2/+3 It's funny how even the open source community has big bugs in major releases. Firefox 1.5 got released just recently and this bug creeps up. Heck, if Internet Explorer 7 came out and a few weeks later a bug like this... Microsoft would be killed.
- Double-Z, on 10/12/2007, -1/+0 thanks for the heads-up on that noscript thing. Digg has a "google-analytics" script. It's not the adverts, because not all sites with google ads don't seem to have that. Hmm.
- carguy84, on 10/12/2007, -0/+3 keng, a DoS is "an incident in which a user or organization is deprived of the services of a resource they would normally expect to have."
You're thinking of DDoS, which is a distributed version of DoS, where many nodes attack a common node.
- dkordik, on 10/12/2007, -0/+1 keng- denial of service terminology can refer to local applications as well.
- carguy84, on 10/12/2007, -1/+0 Double-Z, google-analytics is the website traffic analysis program google just released. They bought Urchin last spring, and released the web service to webmasters for free.
- gbm85, on 10/12/2007, -0/+1 "if Internet Explorer 7 came out and a few weeks later a bug like this... Microsoft would be killed."
Except for the fact that serious exploits appear several times yearly for IE, and people still continue to use it...
- rnelsonee, on 10/12/2007, -0/+1 Doesn't crash Firefox, but does make it hard to open next time. For those trying it out, just delete history.dat.
Should be an easy fix for the FF team. Just limit page titles to 1000 chars or so.
- Shen, on 10/12/2007, -0/+2 Yes, but it'll be fixed in a few weeks, unlike many IE bugs.
- spectre_25gt, on 10/12/2007, -0/+2 You guys that said it didn't crash, did you try reloading your browser? If you read the article, it doesn't crash your browser on execution, it crashes it on the next load.
- Double-Z, on 10/12/2007, -0/+0 carguy, thanks for the explanation :) *heads for google for more info*
- Iriel, on 10/12/2007, -0/+2 Well of course software will have bugs in it. Nothing is foolproof, but that's the advantage of open source. Even if Mozilla didn't know about this at the time of posting, I'm sure an advocate has alerted them by now. For those of us that haven't crashed, 1.5 will probably update automatically once they fix it with a reset on the .dat file to clear out the garbage.
Meanwhile MS waits until the 29th of the month to start working on it ;)
- dognose, on 10/12/2007, -0/+0 yup, noscript is a dream. no worries while they work on a fix.
- t3hs3x, on 10/12/2007, -0/+1 Yes, NoScript is the *****.
- joe92865, on 10/12/2007, -2/+2 So for those of you keeping score;
FF exploits - 1
IE exploits - 3939848483839483939
- mediaburn, on 10/12/2007, -0/+1 I love the people that make sure everyone, but the people that can fix this, know about it.
- Guspaz, on 10/12/2007, -0/+0 How is this new? I've been able to crash Firefox over the net for ages without the use of scripts. It can be done by feeding Firefox a never ending stream over complex HTML, and it can be done over regular broadband connections.
The trick is that Firefox is using up so much CPU time that it doesn't respond very well to requests to stop, so the user has to end-task it.
- Shalabi, on 10/12/2007, -0/+0 @mediaburn
Security through obscurity is a horrible policy.
- Double-Z, on 10/12/2007, -0/+0 Firefox does struggle in a few places where IE doesn't. Go to a web page with 60 500x700 pictures on it (hmm, what could that be?), and FF struggles while IE doesn't.
Still, the extra security and tabs means I would only use FF.
- Sniper, on 10/12/2007, -0/+2 You can just set Firefox to clear the history when you close Firefox ;)
- AdamCo, on 10/12/2007, -0/+0 I like how there is always at least one person that mentions what would happen if the mentioned bug or exploit were to be in a microsoft product, leave the future telling to mrs. cleo please.
- rolandog, on 10/12/2007, -0/+0 Good ol' NoScript...
- h2d2, on 10/12/2007, -2/+0 People continue to use IE because MS does release patches whenever exploits come out. And btw, if one has any sense of technology, IE is no less secure than any other browser. It's just that there are a whole lot of idiots out there. But, ironically, thanks to those same people, IE will always be the top browser.
- dbr_onix, on 10/12/2007, -0/+0 Erm, the title is wrong, it's not a remote exploit, it's local.. But I'm sure it's been/being fixed now..
- Ben
- maverick999, on 10/12/2007, -3/+0 I haven't been too impressed with FF 1.5. It's just a HUGE memory hog on my system (250 MB or so). I should have stayed with 1.0.7...
---
http://www.caseypicker.com
- FlyingAvatar, on 10/12/2007, -0/+0 Same results for me with IE 6 and Firefox 1.5. Hangs for about 2 seconds then is fine again.
- dbr_onix, on 10/12/2007, -0/+0 Just reread that top info on the page, about it allowing data execution is a bit scary..
thrall : just change the body tag to include onload="ex();" (Assuming digg doesn't remove the quotes..)
- Ben
- Iam8up, on 10/12/2007, -0/+0 This kills Firefox 1.0.7 while running XP SP2.
- galaxie, on 10/12/2007, -0/+0 maverick999, 250 megs? damn man, try restarting, or do you have like 10 tabs running embedded media/flash?
(I'm sure i could get firefox to use more than 250 megs, just have to fire up lots of media rich sites at once under a whole bunch of tabs)
- hevnsnt, on 10/12/2007, -0/+0 ""code execution is possible with some modifications"
I wonder how the author jumped to this conclusion. Where's the proof? I didn't even see the stack mentioned in this article."
Neither do I.. I have been playing with this all day. I don't see any possibility of execution ((yet))
- mesostinky, on 10/12/2007, -0/+2 "It's funny how even the open source community has big bugs in major releases. Firefox 1.5 got released just recently and this bug creeps up. Heck, if Internet Explorer 7 came out and a few weeks later a bug like this... Microsoft would be killed."
How is it funny? Since when did ANY project maintainer for ANY OSS project ever claim by making something OSS it magically becomes bug free and never has security issues?
Any coder or person with a clue will tell you that security is a process and that both closed and open source applications will continue to have bugs and security problems for eons to come.
If IE 7 came out with this bug it wouldn't be a problem. What people would rightly nail MS to the wall for is NOT fixing the bug after months and months.
A fix for this bug if indeed it is a bug will be out almost immediately. Best case with MS is waiting a month or two. The only time they break their lame policy is if enough bad press comes out forcing them to act.
- leprasmurf, on 10/12/2007, -0/+3 "Heck, if Internet Explorer 7 came out and a few weeks later a bug like this... Microsoft would be killed."
There are some key differences between Microsoft and Open Source Software, differences that are hard to find out of all the flame wars and fan boys. There are going to be mistakes in all software, no matter who makes it. However, you now have hundreds or thousands of people around the world working on this problem coming up with solutions and working on a patch. Microsoft would rely on closed sources and trusted workers to work on the solution/patch and would release it at their leisure. Also, as mentioned a couple times previously, IE has quite a few vulnerabilities because they have not kept security (until recently it seems) a priority. Whereas Firefox has prided itself on its security focus. There are plenty of differences, and I don't want to go into them all and possibly have any misinformation, but there are always differences to be seen.
- rspeed, on 10/12/2007, -0/+1 "It's funny how even the open source community has big bugs in major releases. Firefox 1.5 got released just recently and this bug creeps up. Heck, if Internet Explorer 7 came out and a few weeks later a bug like this... Microsoft would be killed."
What are you, joking? IE has had dozens of bugs like this! All browsers do. It comes with the territory.
- jasqwerty, on 10/12/2007, -0/+1 @nothingx
Come on dude, you seem like you know what a stack is, and you're complaining he didn't release code that actually ***** over someone badly with minor modification?
And I can't believe you didn't see where the stack is involved. The size of whatever FF is reading is obviously BIGGER than whatever BUFFER is being used to store it, thus causing an OVERFLOW of that BUFFER. I don't feel like firing up SoftIce and tracing exactly where the code breaks, and seeing if you can do any creative NOP slides, but I'm sure someone will soon enough.
- rspeed, on 10/12/2007, -0/+0 "Wait, um, how do you DoS a browser? A DoS is about flooding a webserver with insane amounts of traffic that keep it from serving other customers. I don't think you can DoS a browser."
No, that's a DDoS. This doesn't necessarily crash Firefox, it just makes it slow as hell.
- balazs, on 10/12/2007, -3/+0
My Blog: http://theminiblog.co.uk/
- WackyT, on 10/12/2007, -3/+0 "Except for the fact that serious exploits appear several times yearly for IE, and people still continue to use it..."
"Firefox not only has more vulnerabilities per month than Internet Explorer, but it is now surpassing Internet Explorer for the number of exploits available for public download in recent months."
http://blogs.zdnet.com/Ou/index.php?p=103
And people still continue to use Firefox. Why?
- jasqwerty, on 10/12/2007, -0/+0 Also, I've said it before and I'll say it again...
Running as root on your *nix box : BAD idea
Running as admin on your Windows box: BAD idea
One day this will sink in and neuter the usefulness of things like this considerably.
If you INSIST on running as root/admin, then don't be surprised when you get schooled one day, because in all honesty, FF is just as ***** as IE (quiet fanboys, they're both bad) exploit wise considering it isn't even tied into the core OS or employs ActiveX.
- Otto, on 10/12/2007, -0/+0 This is on bugzilla already: https://bugzilla.mozilla.org/show_bug.cgi?id=319004