-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 --------------------------------------------------- | BuHa Security-Advisory #9 | Apr 12th, 2006 | --------------------------------------------------- | Vendor | Mozilla Firefox | | URL | http://www.mozilla.com/firefox/ | | Version | <= 1.5.0.1 | | Risk | Low (DoS - Null Pointer Dereference) | --------------------------------------------------- o Description: ============= The award-winning Web browser is better than ever. Browse the Web with confidence - Firefox protects you from viruses, spyware and pop-ups. Enjoy improvements to performance, ease of use and privacy. Visit http://www.mozilla.com/firefox/ for detailed information. o Denial of Service: =================== Following HTML source forces Firefox <= 1.5.0.1 to crash: > > > > Online-demo: http://morph3us.org/security/pen-testing/firefox/firefox1501-nsBlockFrame.html The access violation results in a non-exploitable Null Pointer Dereference. o Disclosure Timeline: ===================== 01 Oct 05 - DoS vulnerability discovered. 15 Dec 05 - Vendor contacted. 15 Dec 05 - Vendor confirmed vulnerability. 02 Feb 06 - Fixed on 1.x branches. 12 Apr 06 - Public release. o Solution: ========== The upcoming versions of Firefox (1.0.8 and 1.5.0.2) will address this issue. o Credits: ========= Thomas Waldegger BuHa-Security Community - http://buha.info/board/ If you have questions, suggestions or criticism about the advisory feel free to send me a mail. The address 'bugtraq@morph3us.org' is more a spam address than a regular mail address therefore it's possible that some mails get ignored. Please use the contact details at http://morph3us.org/ to contact me. Greets fly out to cyrus-tc, destructor, nait, rhy, trappy and all members of BuHa. Advisory online: http://morph3us.org/advisories/20060412-firefox-1501.txt -----BEGIN PGP SIGNATURE----- Version: n/a Comment: http://morph3us.org/ iD8DBQFEPVY0kCo6/ctnOpYRA02MAJ44HoaPKmgnii3+uM7RBNA5WsJ2BgCdHTdM e3SnWFYbwoCSftadTtIfzr0= =dVrF -----END PGP SIGNATURE-----