SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Mozilla Browser Vendors:   Mozilla.org
Mozilla Browser Error in Processing Empty Javascript Functions Lets Remote Users Deny Service
SecurityTracker Alert ID:  1014293
SecurityTracker URL:  http://securitytracker.com/id/1014293
CVE Reference:   CVE-2005-2114   (Links to External Site)
Updated:  Jul 7 2008
Original Entry Date:  Jun 26 2005
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 1.7.8
Description:   Paul Kurczaba reported a vulnerability in the Mozilla browser suite. A remote user can cause the browser to crash.

A remote user can create specially crafted Javascript that, when loaded by the target user, will cause the target user's browser to crash. The code can repeatedly call an empty function to trigger the flaw.

A demonstration exploit is available at:

http://www.kurczaba.com/html/security/0506241_poc.htm

Impact:   A remote user can cause the target user's browser to crash.
Solution:   No solution was available at the time of this entry.

As a workaround, Javascript can be disabled.

Vendor URL:  www.mozilla.org/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC