Firefox 3.0.3 remote null pointer DoS vulnerability in Security

Firefox 3.0.3 remote null pointer DoS vulnerability in Security http://www.dslreports.com/forum/r21198202 en Sun, 06 Dec 2009 02:37:23 EDT Sun, 06 Dec 2009 02:37:23 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21226032 EUS : nm]]> http://www.dslreports.com/forum/remark,21226032 Mon, 06 Oct 2008 22:05:13 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21223773 anon : Firefox 3.0.3 on linux ubuntu crashed too :(]]> http://www.dslreports.com/forum/remark,21223773 Mon, 06 Oct 2008 19:52:14 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21206856 33591094 : Your expolit did not crash firefox, on my machines.

--
Sig? What Sig?]]> http://www.dslreports.com/forum/remark,21206856 Thu, 02 Oct 2008 20:42:46 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21205826 BeesTea : Thanks!

Though really, all the thanks go to matunga

. Once again they've let us know about these safer, Open-Source, alternatives to vulnerable software.

Thanks again matunga

, you've really helped me realize the security of these Open-Source projects like Firefox. If it weren't for your posts here, I'd still be using the Microsoft equivalent!
--
Overpower, overcome.]]> http://www.dslreports.com/forum/remark,21205826 Thu, 02 Oct 2008 17:46:55 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21205684 WeenieBoy : Wait your kidding.... no your not. Holy Cow I too never had any idea IE 7 had FOUR TIMES the vulnerabilities than firefox. Man from some of the posts here I would have thought the opposite. Thanks for clearing that up for us BeesTea I for one thank you. I guess the OP may wish to read your links.

;)]]> http://www.dslreports.com/forum/remark,21205684 Thu, 02 Oct 2008 17:26:35 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21205356 tomazyk :

said by BeesTea

:

»secunia.com/advisories/product/19089/

»secunia.com/advisories/product/12366/

Wow! I had no idea Microsoft Internet Explorer 7 had over four times the vulnerabilities as this Open-Source solution. With 32% of the reported vulnerabilities un-patched! The worst of which is rated moderately critical!!.

Thanks for that info. I knew IE has un-patched vulnerabilities but never thought there were so many.]]> http://www.dslreports.com/forum/remark,21205356 Thu, 02 Oct 2008 16:20:51 EDT Re: Firefox 3.0.3 remote null pointer remote DoS vulnerability http://www.dslreports.com/forum/remark,21204873 rcdailey : I can confirm that it will not crash Firefox 3.0.3 if NoScript is installed. I did not allow the page in NoScript, because I already knew it was dangerous ;-)]]> http://www.dslreports.com/forum/remark,21204873 Thu, 02 Oct 2008 15:02:07 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21204430 Cabal :

said by BeesTea

:

For a second, I was relieved to see that it wasn't Microsoft Internet Explorer 7 affected. That relief was short lived though. Your post about this Open-Source web browser made me compare the security track records of my version of Microsoft Internet Explorer and this Open-Source solution.

»secunia.com/advisories/product/19089/

»secunia.com/advisories/product/12366/

Good info, thanks for the heads up.
--
Why did Obama sue Citibank under the CRA to force it to make bad loans?]]> http://www.dslreports.com/forum/remark,21204430 Thu, 02 Oct 2008 14:00:09 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21204256 BeesTea : Wow, thanks for pointing this vulnerability out!

For a second, I was relieved to see that it wasn't Microsoft Internet Explorer 7 affected. That relief was short lived though. Your post about this Open-Source web browser made me compare the security track records of my version of Microsoft Internet Explorer and this Open-Source solution.

»secunia.com/advisories/product/19089/

»secunia.com/advisories/product/12366/

Wow! I had no idea Microsoft Internet Explorer 7 had over four times the vulnerabilities as this Open-Source solution. With 32% of the reported vulnerabilities un-patched! The worst of which is rated moderately critical!!.

Thanks so much for this great thread. Had this issue not been brought to my attention by your informative post, I might still be planning to continue my use of Internet Explorer. There will be none of that for me though, I'm moving to this Open-Source browser. It looks to be the safest by far!

Those open-source guys really owe you, you might be their best advertiser!

Thanks matunga

!
--
Overpower, overcome.]]> http://www.dslreports.com/forum/remark,21204256 Thu, 02 Oct 2008 13:34:12 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21203067 GILXA1226 : doesn't affect anything before 3.0.3... kind of pointless if you ask me.]]> http://www.dslreports.com/forum/remark,21203067 Thu, 02 Oct 2008 10:08:25 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21200733 Elite : Yeah, considering this is just a DoS, there isn't much to worry about in terms of it being an actual "security threat" to anybody.

Now if you could get it to run shellcode... that's another story. This would actually pose a problem, considering you could exploit the said vulnerability and make FF run whatever payload you'd like.
--
QUAD!!!!]]> http://www.dslreports.com/forum/remark,21200733 Wed, 01 Oct 2008 20:12:24 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21199578 WeenieBoy : It does not affect version 2 series. used 2.0.0.17. I agree with both SUMware and Alphanet.]]> http://www.dslreports.com/forum/remark,21199578 Wed, 01 Oct 2008 16:44:54 EDT Re: Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21199391 Alphanet : So, you go to a web site and it crashes your browser, if you go back it crashes it again. After a few tries you reliase that if you don't go back to the site again it will stop your browser crashing.

That is a minor bug,it is not a high severity security issue.]]> http://www.dslreports.com/forum/remark,21199391 Wed, 01 Oct 2008 16:06:41 EDT Re: Firefox 3.0.3 remote null pointer remote DoS vulnerability http://www.dslreports.com/forum/remark,21198278 SUMware :

said by matunga

:

(it will crash your firefox):

With NoScript, it won't.

Solution:
Reports indicate that the vendor has address this issue in Firefox 3.1 pre-release nightly builds. A fixed version of Firefox 3.0.4 will be released in the near future.]]> http://www.dslreports.com/forum/remark,21198278 Wed, 01 Oct 2008 12:39:15 EDT Firefox 3.0.3 remote null pointer DoS vulnerability http://www.dslreports.com/forum/remark,21198202 matunga : »www.milw0rm.com/exploits/6614

Severity: High

Description:
The mozilla firefox is vulnerable to user interface event dispatcher null
pointer dereference denial of service attacks. The dispatched event created
dynamically leads to firefox crash when it is called directly or in a
defined l
oop with number of generated user interface events.The resultant crash
results in:

a fully working exploit is available here (it will crash your firefox):
»www.secniche.org/moz303/index.html]]> http://www.dslreports.com/forum/remark,21198202 Wed, 01 Oct 2008 12:28:03 EDT