vendor:
Firefox
by:
Emanuele 'emgent' Gentili, Marco 'white_sheep' Rondini, Alessandro 'scox' Scoscia
7,5
CVSS
HIGH
Denial of Service
20
CWE
Product Name: Firefox
Affected Version From: 3.6.12
Affected Version To: 3.6.12
Patch Exists: Yes
Related CWE: N/A
CPE: Mozilla:Firefox
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: All
2010
0day Mozilla Firefox <= 3.6.12 Remote Denial Of Service
This exploit uses a combination of null bytes and a loop to cause a denial of service in Mozilla Firefox versions 3.6.12 and below. The exploit writes a series of null bytes and then a loop that writes a large number of 'a' characters and then the contents of the body tag. This causes the browser to crash.
Mitigation:
Upgrade to a version of Firefox that is not vulnerable to this exploit.
