Greetings
Damage that can be caused:
Firefox Remote Code Execution and Denial of Service.
Solution:
Disable JavaScript.
Get more information here:
http://secunia.com/advisories/19802/
http://www.securident.com/vuln/ff.txt
Hi,
The second link, the securident one, mentions "remote code execution" and "buffer overflow." That sounds more serious than just DOS.
Hey Hey,
The Firefox vuln is more than a DoS.. it's being classed as "Possible arbitrary remote code execution"... in other words.. You're DoSing a buffer and it may be possible to overflow the buffer...
At this point, no one can really claim a browser to be better... with the 1.5.0.2 release, Firefox fixed in excess of 10 vulns... all just as bad as the recent ones IE has seen, some of them were the same... since that release, at least 2 new vulns have surfaced.. possibly three.
In the past 24 hours... we've seen new 0Days for IE, Firefox and Safari...
and H.D. Moore has released yet another Web Browser fuzzing tool -- http://metasploit.com/users/hdm/tool.../domhanoi.html
So far I've crashed a fully patched IE on XP SP2 with it..
Peace,
HT
HT, I tried that link of yours in IE, crashed it. Tried it again in FF and all it kept giving me was "unresponsive script" and click here to continue, so I did, but that damn message kept coming up over and over and it annoyed me so I cancelled the test. I am also running a fully patched SP2 on XP Pro.
HT,
Tried that link also. The browser information bar cycled a list of stuff starting from A and upwards. After cycling thru the alphabet(?), the information bar stops at "Status: Adding - a - a - table - frameset".
The browser is still working fine, I can get other tabs to work and the computer hasn't crashed.
My javascript blocker is off and popups are allowed.
I don't get it. Why can't I crash?
Hmmphff.
:mad:
Greetings
My apologies to everyone for providing wrong information. I only went through one of the two given sites. I have to restart my computer now (new updates from Microsoft) :(. I'll edit my post once I'm back online.
ZT3000,
I'm using Firefox 1.5.0.2 on Fedora Core 5 and http://www.securident.com/vuln/ffdos.htm crashes my Firefox. Try cutting and pasting this URL in your browser.
Here's the result of doing exactly what you said, Preacherman.
Nothing happened basically.
(I think those links don't like me)
What is a "javascript blocker"?
Quote:
My javascript blocker is off and popups are allowed.
Do you mean you have javascript turned off?
I like how preacher knows nothing ^_^, that's cool. Basically this ended up being a vulnerability with the potential to be exploited with severity, but has not been done so yet by any skiddie tool. Yall should be ok then eh?
So the browser does load and run the javascript. If it sees a <script> tag with javascript, it will not read (at least I don't think it'll read) and certainly should not execute it after JS is turned off.
Quote:
Do you mean you have javascript turned off?