
Bug 109580

Summary: www-client/mozilla-firefox: DoS weakness + exploit
Product: Gentoo Linux
Reporter: Carsten Lohrke (RETIRED) <carlo>
Component: New packages
Assignee: Mozilla Gentoo Team <mozilla>
Status: RESOLVED UPSTREAM
Severity: normal
CC: ruben
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Carsten Lohrke (RETIRED) gentoo-dev 2005-10-17 08:35:59 UTC
Tom Ferris has discovered a weakness in Firefox, which can be exploited by
malicious people to cause a DoS (Denial of Service).

The weakness is caused due to an error in the handling of overly large size
attributes in the "Iframe" tag. This can be exploited to crash a vulnerable
browser via a specially crafted "Iframe" tag on a malicious web site.

The weakness has been confirmed in version 1.0.7 on Fedora Core 4 (Linux). Other
versions and platforms may also be affected.

NOTE: The vendor has concluded that the weakness is caused due to an infinite
recursion which causes a stack overflow, which can only be exploited to crash a
vulnerable browser and cannot be exploited for code execution.

http://secunia.com/advisories/17071/


milw0rm.com have released proof of concept code for a denial of service exploit
which apparently affects all versions of the Mozilla Foundation's popular Firefox
browser from version 1.0.7 downward (for the dim, this INCLUDES Firefox 1.0.7).
Whether this exploit has made it out into, or indeed been retrieved from, the wild
is unknown at this time. However, it is clear that this exploit will indeed need
patching as soon as possible - it does cause a nasty software loop/crash.

http://www.whitedust.net/newsview.php?NewsID=1432
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-10-17 08:58:26 UTC
We usually do not consider client DoS as vulnerabilities. There is "Service" in
Denial of Service and I can't think of a service you miss by crashing while
visiting some evil web page. My take on this is let the fix filter from FF usual
updates.
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2005-10-17 16:14:08 UTC
Right, I was a bit quick with this.
Comment 3 Carsten Lohrke (RETIRED) gentoo-dev 2005-10-19 05:55:55 UTC
*** Bug 109778 has been marked as a duplicate of this bug. ***
Comment 4 Stuart Longland (RETIRED) gentoo-dev 2006-07-30 06:38:42 UTC
This has been fixed upstream.

https://bugzilla.mozilla.org/show_bug.cgi?id=303433