[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Mozilla Multiple Product JavaScript Issue

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Mozilla Multiple Product JavaScript Issue
From: Kurczaba Associates Advisories <advisories@xxxxxxxxxxxx>
Date: Tue, 28 Jun 2005 16:21:26 -0400

Mozilla Multiple Product JavaScript Issue
http://www.kurczaba.com/html/security/0506241.htm
-------------------------------------------------

Vendor:
Mozilla (http://www.mozilla.org)

Vulnerable Software:
Mozilla 1.7.8
Firefox 1.0.4
Camino 0.8.4

Vulnerability/Exploit: By using a specially crafted JavaScript function, it is possible to crash the above named browsers. The script can be executed both with and without user intervention.

Proof of Concept:
Manual: http://www.kurczaba.com/html/security/0506241_poc.htm
Automatic: http://www.kurczaba.com/html/security/0506241_poc2.htm

Workaround:
Disable JavaScript

Date Discovered:
June 14, 2005

Severity:
Low

Credit:
Paul Kurczaba

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Mozilla Multiple Product JavaScript Issue
  - From: evilninja

Prev by Date: RE: [Full-disclosure] Solaris 9/10 ld.so fun
Next by Date: [Full-disclosure] Security Advisory - phpBB 2.0.15 PHP-code injection bug
Previous by thread: [Full-disclosure] MDKSA-2005:107 - Updated ImageMagick packages fix vulnerabilities
Next by thread: Re: [Full-disclosure] Mozilla Multiple Product JavaScript Issue
Index(es):
- Date
- Thread