Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Mozilla Firefox 3.6.12 Remote Denial Of Service - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Mozilla Firefox 3.6.12 Remote Denial Of Service

Thanks to our reader Seb for the heads up about a remote denial of service vulnerability within Firefox 3.6.12.

There are a number of sites showing the exploit code which has been developed by Italian members of the BackTrack project.

I'll not publish the code here as its easily found with your favourite search engine, but below is a screen shot showing the impact of the code on a fully patched Mac OSX 10.6.5 system.

 

Firefox Crash image 

 

Diary updated after contact with Emanuele Gentili. 

Stephen

89 Posts
ISC Handler
You are obviously clueless.
That exploit is publicly available on the Exploit Database - http://www.exploit-db.com/exploits/15498/

And if you haven't heard about BackTrack...well, you shouldn't be in the security field.
Anonymous
You're jumping all over this guy, anonymously, for not knowing Backtrack IT and the Backtrack distro are associated with each other?

And to your first point about him not linking to it? Come on troll, just because the guy is morally different from you doesn't mean he's an idiot.
Anonymous
Hey anonymous, ever hear of this saying?

"Better to remain silent and be thought a fool than to speak out and remove all doubt."
Anonymous
Can someone clarify/verify. Is this only effecting 3.6.12 or 3.6.12 and below?
Anonymous
The exploit DB entry says <= 3.6.12
Justin

2 Posts
To throw some additional, hopefully useful, information back into the mix...

I just tested on Win 7 with 3.5.15 (included in <= 3.6.12) and 4.0 b7 and both, once I disabled NoScript, crashed.
Ben

5 Posts

Sign Up for Free or Log In to start participating in the conversation!