TUCoPS :: Browsers :: bt-21135.htm

Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services
Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services
Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services


____________________   ___ ___ ________
\_   _____/\_   ___ \ /   |   \\_____  \
 |    __)_ /    \  \//    ~    \/   |   \
 |        \\     \___\    Y    /    |    \
/_______  / \______  /\___|_  /\_______  /
        \/         \/       \/         \/                              .OR.ID
ECHO_ADV_110$2009

--------------------------------------------------------------------------------
[ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services 
--------------------------------------------------------------------------------

Author		: Ahmad Muammar W.K (a.k.a) y3dips
Date Found	: June, 4th 2009
Location	: Indonesia, Jakarta
web		: http://e-rdc.org/v1/news.php?readmore=137 
Critical Lvl	: Moderated
Impact		: Browser will automatically shutdown
Where		: From Remote
Disclosure Policy: Full Disclosure Policy (RFPolicy) v2.0
http://www.wiretrip.net/rfp/policy.html 
--------------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Firefox is a popular Internet browser from the Mozilla Corporation. 

Application	: Firefox for GNU/linux
version		: Firefox/3.0.10 (X11; Linux i686; U; en)
                  Also affected for lower version (tested for version 3.0.8 at
                  Ubuntu 9.0.4)
		=09
URL		: http://firefox.com 
Bugzilla entry  : https://bugzilla.mozilla.org/show_bug.cgi?id=496265

Description 	:

Firefox 3.0.10 (previous version) for GNU/Linux Operating systems are unable to 
handle big size of GIF images rendering when it becomes a body backgrounds. 
Just use a random size GIF files will crash firefox because of HTML body tag.

--------------------------------------------------------------------------------

Exploit Code:
~~~~~~~~~~~~~~~~







Firefox Exploit








live exploit :

http://y3dips.echo.or.id/tempe/ff310expl/ 

--------------------------------------------------------------------------------

Timeline:
~~~~~~~~~

- 20 - 05 - 2009 bug found
- 04 - 06 - 2009 vendor contacted and adding entry to bugzilla
- 04 - 06 - 2009 vendor response, and there`s a potential patch
- 09 - 06 - 2009 advisory release

--------------------------------------------------------------------------------
Shoutz:
~~~~~~~

~ my family (ana my wife and ali my son)

~ the_day, K-159, negative, hero, az001, rey, and also all echo staff
~ janex vind "waraxe", str0ke, chopstick
~ newbie_hacker[at]yahoogroups.com
~ #e-c-h-o @irc.dal.net 

--------------------------------------------------------------------------------
Contact:
~~~~~~~~

     y3dips || echo|staff || y3dips[at]echo[dot]or[dot]id
Homepage: http://y3dips.echo.or.id/ 

-------------------------------- [ EOF ] ---------------------------------------

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH