Portal Home > Knowledgebase > Articles Database > Mozilla Firefox 3.6 plenitude String 0-day exploit
Mozilla Firefox 3.6 plenitude String 0-day exploit
| Posted by The Dude, 03-03-2010, 05:14 AM |
| Background
Mozilla Firefox is a popular internet browser. .....
#Vulnerability
This bug is a typical result when attacker try to write plenitude String in document.write() function. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
#Impact
Mozilla Crash!!
#Proof of concept
Copy the code in text file and save as "asheesh.html" and close all tabs and windows to avoid any loss of data,then open the file in Firefox and wait for 15 sec ...... and say Good Bye Mozilla .......
http://www.exploit-db.com/exploits/11617
INTERESTINGLY THIS DOES NOT ONLY AFFECT FF3.6!!
I TRIED IT WITH MYIE2 (IE6 ENGINE) AND IT HUNG MY BROWSER,I COULDNT DO A THING!! (I HAD TO CTRL-ALT-DEL AND END TASK)
Does anyone know what this does exactly??
|
| Posted by The Dude, 03-03-2010, 05:48 AM |
| Wanted to add
Loading this file OVER THE INTERNET WITH SCRIPTS DISABLED ON IE DISABLES THIS FROM WORKING SO NOSCRIPT ON FF SHOULD HAVE THE SAME AFFECT ON THIS FILE!!
http://dslreports.fileave.com/asheesh.html
|
| Posted by luki, 03-03-2010, 01:05 PM |
| How is this an exploit? What does it exploit besides using up a ton of memory for a few seconds? On my machine, Firefox 3.6.2 used ~1 GB of memory and after 5 seconds was back to normal (memory free'd), all functional. FUD?
|
| Posted by generic007, 03-03-2010, 05:37 PM |
| This is not a big deal in any way, probably the over 9,000th DoS advisory for document.write . Just an inefficient waste of RAM at worst.
|
| Posted by The Dude, 03-03-2010, 10:53 PM |
| Hmmmmm i wonder if thats all this does!!
I wonder IF I LET IT GO,would IE become usable again??
Your smart Luki! (Maybe this is nothing)
|
Add to Favourites 
Print this Article
Also Read
