[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] DoS vulnerability in Mozilla Firefox



Hello Full-Disclosure!

This is my second letter to this list.

Like in case of my previous letter to this list, I already sent this letter
to Bugtraq (at 15th of September), but they declined to post it without any
explanation (which is becoming tradition for them :-), earlier moderator at
least wrote explanations, but now he has a "words crisis"). I hope with
Full-Disclosure list everything will be much better. Insignificancy of
Bugtraq forces me to look at this list. When I read description of this list
at seclists.org, before writing of my first letter, I found it less nice
then Bugtraq's description. But I'll try to contribute my share to change
situation with list's image and we'll see who is #1 security list ;-).

I want to warn you about Denial of Service vulnerability in Mozilla Firefox.

Attack is based on idea of using of pkcs11.addmodule by Dan Kaminsky. Attack
belongs to type of blocking DoS (http://websecurity.com.ua/2550/). I wrote
already about blocking DoS vulnerabilities and it's new one.

DoS:

http://websecurity.com.ua/uploads/2009/Firefox%20DoS%20Exploit2.html

With the exploit Firefox blocks.

Vulnerable are all versions of Mozilla and Mozilla Firefox 3.0.13 and
previous versions.

I mentioned about this vulnerability at my site
(http://websecurity.com.ua/3500/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/