Mozilla Firefox Error in Processing Empty Javascript Functions Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1014294
|
|
SecurityTracker URL: http://securitytracker.com/id?1014294
|
|
CVE Reference: CVE-2005-2114
(Links to External Site)
|
Updated: Jul 7 2008
|
Original Entry Date: Jun 26 2005
|
Impact: Denial of service via network
|
Exploit Included: Yes
|
Version(s): 1.0.4
|
Description: Paul Kurczaba reported a vulnerability in the Mozilla Firefox browser. A remote user can cause the browser to crash.
A remote user can create specially crafted Javascript that, when loaded by the target user, will cause the target user's browser
to crash. The code can repeatedly call an empty function to trigger the flaw.
A demonstration exploit is available at:
http://www.kurczaba.com/html/security/050624
1_poc.htm
|
Impact: A remote user can cause the target user's browser to crash.
|
Solution: No solution was available at the time of this entry.
As a workaround, Javascript can be disabled.
|
Vendor URL: www.mozilla.org/ (Links to External Site)
|
Cause: Exception handling error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
