Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Mozilla Firefox 3.6.12 Remote Denial Of Service SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Mozilla Firefox 3.6.12 Remote Denial Of Service

Thanks to our reader Seb for the heads up about a remote denial of service vulnerability within Firefox 3.6.12.

There are a number of sites showing the exploit code which has been developed by Italian members of the BackTrack project.

I'll not publish the code here as its easily found with your favourite search engine, but below is a screen shot showing the impact of the code on a fully patched Mac OSX 10.6.5 system.


Firefox Crash image 


Diary updated after contact with Emanuele Gentili. 


89 Posts
Nov 15th 2010
You are obviously clueless.
That exploit is publicly available on the Exploit Database -

And if you haven't heard about BackTrack...well, you shouldn't be in the security field.
You're jumping all over this guy, anonymously, for not knowing Backtrack IT and the Backtrack distro are associated with each other?

And to your first point about him not linking to it? Come on troll, just because the guy is morally different from you doesn't mean he's an idiot.
Hey anonymous, ever hear of this saying?

"Better to remain silent and be thought a fool than to speak out and remove all doubt."
Can someone clarify/verify. Is this only effecting 3.6.12 or 3.6.12 and below?
The exploit DB entry says <= 3.6.12

2 Posts
To throw some additional, hopefully useful, information back into the mix...

I just tested on Win 7 with 3.5.15 (included in <= 3.6.12) and 4.0 b7 and both, once I disabled NoScript, crashed.

5 Posts

Sign Up for Free or Log In to start participating in the conversation!