SecurityTracker.com

Category:   Application (Web Browser)  >   Netscape
Vendors:   America Online, Inc.
Netscape Error in Processing Empty Javascript Functions Lets Remote Users Deny Service
SecurityTracker Alert ID:  1014349
SecurityTracker URL:  http://securitytracker.com/id/1014349
CVE Reference:   CVE-2005-2114
Updated:  Jul 6 2008
Original Entry Date:  Jul 1 2005
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 8.0.2
Description:   Juha-Matti Laurio reported a vulnerability in the Netscape browser. A remote user can cause the browser to crash.

A remote user can create specially crafted Javascript that, when loaded by the target user, will cause the target user's browser to crash. The code can repeatedly call an empty function to trigger the flaw.

A demonstration exploit is available at:

http://www.kurczaba.com/html/security/0506241_poc.htm

The vendor was notified on June 30, 2005.

This type of vulnerability was originally discovered by Paul Kurczaba, reported as affecting Mozilla products.

Impact:   A remote user can cause the target user's browser to crash.
Solution:   No solution was available at the time of this entry.

As a workaround, Javascript can be disabled.

Vendor URL:  browser.netscape.com/ns8/product/default.jsp
Cause:   Exception handling error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  New Netscape Browser JavaScript Function Denial of Service


- Description:
The newest Netscape Browser version 8.0.2 is confirmed as affected by a 
new remote type JavaScript Function Denial of Service Vulnerability, aka 
Mozilla Multiple Product JavaScript Issue. Tests were done with PoC 
(Proof of Concept) test pages located at
http://www.kurczaba.com/html/security/0506241.htm (Manual and Automatic).
This can possibly be exploited by constructing a malicious Web page. If 
an attacker has ways to persuade a user to visit this Web site, this can 
be used to crash the user's browser. After the crash, the browser will 
finally quit.
Some user interaction is needed for the vulnerability to take effect when 
discussing PoC issue #1.

- Result:
Issue #1: http://www.kurczaba.com/html/security/0506241_poc.htm
(Manual)

Button "Go" was clicked.

Browser crashed without any visual effect and/or warning.


Issue #2: http://www.kurczaba.com/html/security/0506241_poc2.htm
(Automatic)

Browser crashed with the following information-like dialog box:

"netscape.exe
netscape.exe has encountered a problem and needs to close. We are sorry 
for the inconvenience. For more information about this error, [click 
here].

[Close]"

Only the 'Close' button was available. After clicking the 'Close' button, 
Netscape Browser quit.

- Technical details:
Menu setting Tools / Options... / Site Controls / Web Features: 
JavaScript was enabled (default setting).
Naturally, Rendering Engine 'Firefox' was used when tested.
The browser crash happened due to special JavaScript code used at the PoC 
pages mentioned earlier.

From the vendor:
"The All New Netscape Browser 8.0 - Speed, Flexibility and More Security 
Choices Than Any Other Browser. Netscape began by trying to make an 
Internet that users found easy to use."

- Solution status:
No solution was available at the time of reporting.

- Software:
Netscape Browser 8.x
(free for downloading)

- Affected versions:
The vulnerability has been reported in version 8.0.2. Other versions may 
also be affected. The user agent string used was Mozilla/5.0 
(Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050603 
Netscape/8.0.2.

- Vendor:
Netscape Communications Corp.

Vendor Home Page:
http://www.netscape.com/

Product Home Page:
http://browser.netscape.com/ns8/

OS: Microsoft Windows

CVE reference: N/A

- Solution:
Disable JavaScript support or
Disable JavaScript support from untrusted sites.

Instructions:
Disable selection from Tools / Options... / Site Controls / Web 
Features: Enable JavaScript at particular Web site (URL address).

It is possible to check manually that JavaScript support is disabled, 
e.g. JavaScript test page used by the researcher:
http://gemal.dk/browserspy/js.html

Results:
"Generic JavaScript support: Yes
JavaScript version 1.1..2.0: Supported
External JavaScript support: Supported"

Rendering Engine used: Firefox
Related menu section: Tools / Options... / Site Controls / Web Features: 
Enable JavaScript

Additional instructions:
Add untrusted sites to I Don't Trust This Site list and check that 
JavaScript is disabled from those Web sites. Save changes with 'OK'.

If this is not possible:
Do not browse untrusted web sites or click untrusted links in e-mail messages.


Vendor was contacted on 30th June, 2005.

This vulnerability was earlier researched in the following Mozilla 
products: (Mozilla) Firefox, Mozilla (Suite) and Camino, by Paul 
Kurczaba.

References:
Kurczaba Associates Security Advisories > Mozilla Multiple Product 
JavaScript Issue [KA Advisory 0506241]
http://www.kurczaba.com/html/security/0506241.htm

From the advisory:
"Vulnerability/Exploit:

By using a specially crafted JavaScript function, it is possible to 
crash the above named browsers. The script can be executed both with and 
without user intervention."

Timeline:
28-06-2005 - Vulnerability researched and confirmed
30-06-2005 - Vendor contacted
01-07-2005 - Detailed JavaScript support test and workaround instruction 
writing done
01-07-2005 - Security companies and several CERT units contacted


Best regards,
Juha-Matti Laurio, Networksecurity.fi
Security researcher
Finland
http://www.networksecurity.fi
 
 

