TUCoPS :: HP Unsorted F :: b1a-1066.htm

Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities



Title: Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities

0x01. Description:
Memory exhaustion of Firefox 3.6.3 (latest) <= makes firefox can't make texts into body element and then it crashed. 
( raise exception using PoC #1, lower memory area read access violation using PoC #2 )
Ofcourse an variation PoC made NULL Pointer deref so may also could be code execution ( 0.1 % ). :-)

URL: http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt 

Vendor Status: unpatched. ( to now... doesn't exists any reliable exploit so i disclosed to bugtraq firstly )

0x02. Proof of Concepts:

[PoC #1 - firefox_3.6.3_dos_poc_1.htm] --














[PoC #2 - firefox_3.6.3_dos_poc_2.htm] --
















Thank you bugtraq securityfocus.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH