4 edits | Firefox 3.0.3 remote null pointer DoS vulnerability»www.milw0rm.com/exploits/6614
Severity: High
Description:
The mozilla firefox is vulnerable to user interface event dispatcher null
pointer dereference denial of service attacks. The dispatched event created
dynamically leads to firefox crash when it is called directly or in a
defined l
oop with number of generated user interface events.The resultant crash
results in:
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000007
Crashed Thread: 0
Thread 0 Crashed: 0 libxpcom_core.dylib nsTArray_base::Length() const + 11
(nsTArray.h:66)
1 libgklayout.dylib
nsContentUtils::GetAccelKeyCandidates(nsIDOMEvent*,
nsTArray&) + 261 (nsContentUtils.cpp:4083)
a fully working exploit is available here (it will crash your firefox):
»www.secniche.org/moz303/index.html |
|
|
|
SUMwarePremium
join:2002-05-21
kudos:2
4 edits | Re: Firefox 3.0.3 remote null pointer remote DoS vulnerability said by matunga:(it will crash your firefox): With NoScript, it won't.
Solution:
Reports indicate that the vendor has address this issue in Firefox 3.1 pre-release nightly builds. A fixed version of Firefox 3.0.4 will be released in the near future. |
|
| reply to matunga
Re: Firefox 3.0.3 remote null pointer DoS vulnerability So, you go to a web site and it crashes your browser, if you go back it crashes it again. After a few tries you reliase that if you don't go back to the site again it will stop your browser crashing.
That is a minor bug,it is not a high severity security issue. |
|
| It does not affect version 2 series. used 2.0.0.17. I agree with both SUMware and Alphanet. |
|
 Elite
join:2002-10-03
Orange, CT | reply to matunga
Yeah, considering this is just a DoS, there isn't much to worry about in terms of it being an actual "security threat" to anybody.
Now if you could get it to run shellcode... that's another story. This would actually pose a problem, considering you could exploit the said vulnerability and make FF run whatever payload you'd like.
--
QUAD!!!! |
|
 GILXA1226Premium,MVM
join:2000-12-29
London, OH | reply to matunga
Re: Firefox 3.0.3 remote null pointer DoS vulnerability doesn't affect anything before 3.0.3... kind of pointless if you ask me. |
|
 BeesTeaNetwork JanitorPremium,VIP
join:2003-03-08
00000 | reply to matunga
Wow, thanks for pointing this vulnerability out!
For a second, I was relieved to see that it wasn't Microsoft Internet Explorer 7 affected. That relief was short lived though. Your post about this Open-Source web browser made me compare the security track records of my version of Microsoft Internet Explorer and this Open-Source solution.
»secunia.com/advisories/product/19089/
»secunia.com/advisories/product/12366/
Wow! I had no idea Microsoft Internet Explorer 7 had over four times the vulnerabilities as this Open-Source solution. With 32% of the reported vulnerabilities un-patched! The worst of which is rated moderately critical!!.
Thanks so much for this great thread. Had this issue not been brought to my attention by your informative post, I might still be planning to continue my use of Internet Explorer. There will be none of that for me though, I'm moving to this Open-Source browser. It looks to be the safest by far!
Those open-source guys really owe you, you might be their best advertiser!
Thanks matunga  !
--
Overpower, overcome. |
|
 CabalPremium
join:2007-01-21
Austin, TX
 ·Suddenlink
| Good info, thanks for the heads up.
--
Why did Obama sue Citibank under the CRA to force it to make bad loans? |
|
 rcdaileyDragoonflyPremium
join:2005-03-29
Rialto, CA | reply to SUMware
Re: Firefox 3.0.3 remote null pointer remote DoS vulnerability I can confirm that it will not crash Firefox 3.0.3 if NoScript is installed. I did not allow the page in NoScript, because I already knew it was dangerous  |
|
| reply to BeesTea
Re: Firefox 3.0.3 remote null pointer DoS vulnerability Thanks for that info. I knew IE has un-patched vulnerabilities but never thought there were so many. |
|
Reviews:
·Comcast
1 edit | reply to BeesTea
Wait your kidding.... no your not. Holy Cow I too never had any idea IE 7 had FOUR TIMES the vulnerabilities than firefox. Man from some of the posts here I would have thought the opposite. Thanks for clearing that up for us BeesTea I for one thank you. I guess the OP may wish to read your links.
|
|
BeesTeaNetwork JanitorPremium,VIP
join:2003-03-08
00000 | Thanks!
Though really, all the thanks go to matunga . Once again they've let us know about these safer, Open-Source, alternatives to vulnerable software.
Thanks again matunga , you've really helped me realize the security of these Open-Source projects like Firefox. If it weren't for your posts here, I'd still be using the Microsoft equivalent!
--
Overpower, overcome. |
|
4 edits | reply to matunga
Your expolit did not crash firefox, on my machines.
--
Sig? What Sig? |
|
| reply to matunga
Firefox 3.0.3 on linux ubuntu crashed too  |
|
 EUSKill cancerPremium
join:2002-09-10
canada
1 edit | reply to matunga
Re: Firefox 3.0.3 remote null pointer DoS vulnerability nm |
|
