Mozilla Firefox 14.01 Memory Exhaustion DoS Exploit

Mozilla Firefox 14.01 Memory Exhaustion DoS Exploit

Credit: Jean Pascal Pereira <[email protected]>

Description:

Mozilla Firefox is prone to a memory exhaustion vulnerability.
The issue has been tested on Firefox 14.01, prior versions may also be affected.

mozalloc.cpp, line 184:

moz_xposix_memalign(void **ptr, size_t alignment, size_t size)
{
int err = posix_memalign(ptr, alignment, size);
if (UNLIKELY(err && ENOMEM == err)) {

    mozalloc_handle_oom();
    return moz_xposix_memalign(ptr, alignment, size);
}
// else: (0 == err) or (EINVAL == err)
return err;

}

A crafted JavaScript leads the application to crash.

Stacktrace (Windows 7 SP1):

EAX 00000000
ECX 5D923896 MSVCR100.5D923896
EDX 00000003
EBX 7FB00000 UNICODE "xxxxxxxxx […]"
ESP 002BB7F8
EBP 002BB85C
ESI 5D8D1EC6 MSVCR100.__p__iob
EDI 5D92379C MSVCR100.fputs
EIP 73FC1999 mozalloc.73FC1999
C 0 ES 0023 32bit 0(FFFFFFFF)
P 0 CS 001B 32bit 0(FFFFFFFF)
A 0 SS 0023 32bit 0(FFFFFFFF)
Z 0 DS 0023 32bit 0(FFFFFFFF)
S 0 FS 003B 32bit 7FFDF000(C000)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_NOT_ENOUGH_MEMORY (00000008)
EFL 00000202 (NO,NB,NE,A,NS,PO,GE,G)
ST0 empty 1.0000000000000000000
ST1 empty 0.1085754583206562651
ST2 empty -0.0696429635909516231
ST3 empty 86.763962149620056150
ST4 empty 31200.200000000000730
ST5 empty 1.3451474216221712500e+15
ST6 empty 1.0390856000000000000e+10
ST7 empty 0.0
3 2 1 0 E S P U O Z D I
FST 0022 Cond 0 0 0 0 Err 0 0 1 0 0 0 1 0 (GT)
FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1