|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explorer JavaScript Window() Vulnerability
From: Daniel Veditz (dveditz
cruzio.com)
Date: Tue Nov 22 2005 - 10:57:06 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Toufeeq Hussain wrote:
>> Security Advisory (Reclassification) :: CT21-11-2005
>> -----------------------------------------------------
>>
>> Title: Microsoft Internet Explorer JavaScript Window()
>> Vulnerability
>
> Is it just me or did this exploit just DOS'ed my Firefox 1.0.7(Debian
> Linux).
> Just try the Windows XP Link given in the POC URL.
> Firefox just hung with 100% CPU utilization.
This does DOS Firefox (and the Mozilla Suite), tracked at
https://bugzilla.mozilla.org/show_bug.cgi?id=317334
The problem appears to be related to trying to reflow Bi-directional
text, we've chunked the 200K character prompt dialog into 66K internal
chunks and appear to have a really sucky algorithm for doing so.
Eventually Firefox will show the prompt dialog and continue on normally
(where eventually can be up to a couple of minutes).
-Dan Veditz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]