-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 --------------------------------------------------- | BuHa Security-Advisory #8 | Feb 15th, 2006 | --------------------------------------------------- | Vendor | Mozilla Firefox | | URL | http://www.mozilla.com/firefox/ | | Version | <= 1.0.7 | | Risk | Low (DoS - Null Pointer Dereference) | --------------------------------------------------- This issue was originally (?) discovered by Yuan Qi who posted it on Bugzilla [1] on 11th November 2004 [2]. I rediscovered this vulnerability on 1st October 2005 and reported it several weeks later to the Mozilla Software Foundation [3] because I did not find any advisory or bugzilla post about this problem.. I decided to release an advisory about this DoS vulnerability, even though it's an old issue. o Description: ============= The award-winning Web browser is better than ever. Browse the Web with confidence - Firefox protects you from viruses, spyware and pop-ups. Enjoy improvements to performance, ease of use and privacy. Visit http://www.mozilla.com/firefox/ for detailed information. o Denial of Service: =================== Following HTML code forces Firefox to crash: > >

Online-demo: http://morph3us.org/security/pen-testing/firefox/firefox107-1128143204906.html The access violation results in a null pointer dereference and is not exploitable. o Vulnerable versions: ===================== The DoS vulnerability was successfully tested on: > Firefox 1.0.7 - GNU/Linux (Gentoo, Slackware, Debian) > Firefox 1.0.7 - Solaris > Firefox 1.0.7 - Windoze 2k / XP SP2 > Firefox 1.0.6 - XP SP2 > Firefox 1.0.4 - GNU/Linux (Gentoo, Slackware, Debian) > Firefox 1.0.4 - XP SP2 > Firefox 1.0.1 - XP SP2 > Firefox 1.0.0 - XP SP2 o Disclosure Timeline: ===================== 01 Oct 05 - DoS vulnerability discovered. 15 Dec 05 - Vendor contacted. 17 Dec 05 - Vendor confirmed vulnerability. 15 Feb 06 - Public release. o Solution: ========== Upgrade to Firefox 1.5.0.1. o Credits: ========= Thomas Waldegger BuHa-Security Community - http://buha.info/board/ If you have questions, suggestions or criticism about the advisory feel free to send me a mail. The address 'bugtraq@morph3us.org' is more a spam address than a regular mail address therefore it's possible that I ignore some mails. Please use the contact details at http://morph3us.org/ to contact me. Greets fly out to cyrus-tc, destructor, nait, trappy and all members of BuHa. Advisory online: http://morph3us.org/advisories/20060215-firefox-107.txt [1] https://bugzilla.mozilla.org/ [2] https://bugzilla.mozilla.org/show_bug.cgi?id=269095 [3] https://bugzilla.mozilla.org/show_bug.cgi?id=320463 -----BEGIN PGP SIGNATURE----- Version: n/a Comment: http://morph3us.org/ iD8DBQFD8tg/kCo6/ctnOpYRAz27AJsE1EcyIycMA5XdDnHMJDdhPPk0uQCeK7DX H+dtwjsf4nkXuHrPR1wFZZM= =IUWt -----END PGP SIGNATURE-----