This time, it’s Firefox’s turn. PacketStorm released a PoC that crashes
Firefox, and has the possibility of code execution (still testing,
on version 1.5 btw).
ISC has more details on the said PoC, as well as a workaround. And I’m
still trying to get Firefox to trigger my debugger. Hmmmm….
Update (JJ, 08 December 2005 11:08:53)
… because Firefox doesn’t crash. Not with
the PoC and with Firefox v1.5. While I was waiting for my debugger
to trigger, Firefox resumed its normal operation after around
30 seconds to 1 minute given the PoC. The PoC inserted a total of
2,500,000 characters for the title, so I figured, why not make it
larger, say 25,000,000. Firefox “hanged” for a longer time, but was
able to function again. No code execution for me.
Update (JJ, 08 December 2005 17:59:43)
On the other hand, here’s another bug:
(right now you can trigger it manually. I’ll check out later how to
trigger it when loading an HTML file)
Copy-paste a looooooooong string of, say, “A”s into the URL bar.
Just keep on pasting. And pasting. And pasting. Soon you’ll see the
“A”s disappear, the system hangs, and Display settings have been
changed. Well, at least for my Windows XP SP2, Firefox 1.5, on a
ShuttleX machine. I’ll try this on other machines later.
Update (JJ, 08 December 2005 19:48:42)
On my bug, somehow it seems to be a hardware
issue, as tests on other types of machines did not reproduce the..
um.. bug. And on the original purpose of this entry, the Firefox
PoC, I’ve contacted ISC on my findings and they too noticed it, but
some of them were able to crash their PCs. We’ll find out soon
enough. Mozilla already has this on their buglist.