On 2 Nov 2006 16:43:35 -0000, koenig@xxxxxxxxxxxxxxxxxx <koenig@xxxxxxxxxxxxxxxxxx> wrote:
<!-- Do 2 Nov 16:35:53 CET 2006 Vulnerable: Firefox 1.5.0.7 and probably versions below Impact: DoS (perhaps Code Execution) As Firefox 2.0 was released a few days ago... A "new" Exploit for the old version! The great Firefox! ;D On Kubuntu Linux the exploits does not just kill firefox but freezes the whole system! Probably it will also freeze other distros! If the URL is bigger than 4092 bytes, Firefox crashes! The URL in the following code is 4093 bytes! Greets: Oli Always looking for a nice talk: http://d-e-k-a-d-e-n-t.de/blog
Could not replicate this on Firefox 1.5.0.7 on Ubuntu 6.06. Tried with 8k of 'a''s even and no luck: perl -e "print '<html><body><a href=\"http://' . 'a'x8192 . '.de\">DoS</a></body></html>'" > test.html If I click on the link and go up to my address bar, I can see that it even manages to pass along the entire thing up to the '.de'. -- Robert Wesley McGrew http://cse.msstate.edu/~rwm8/
