Closed Bug 300175 Opened 19 years ago Closed 19 years ago

Javaprxy exploit hangs firefox and operating system

Categories

(Firefox :: Security, defect)

x86
Linux
defect
Not set
critical

VERIFIED DUPLICATE of bug 299564

People

(Reporter: michele.dg, Unassigned)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Opening a proper HTML page generated from javaprxy exploit code (see FrSIRT/ADV-2005-0935 - IE related exploit), Firefox starts eating CPU cycles and RAM memory, taking the system to be heavily unusable.

Reproducible: Always

Steps to Reproduce:
1. Go to: http://www.frsirt.com/exploits/20050702.iejavaprxyexploit.pl.php
2. Download the perl file and run it to generate a proper HTML file which contains the exploit
3. Open it with Firefox

Actual Results:
Firefox was not responsive anymore and the operating system wasn't either.

Expected Results:
I expected a page reporting this statement:

Microsoft Internet Explorer javaprxy.dll COM Object Remote Exploit
by the FrSIRT < http://www.frsirt.com >
Solution http://www.frsirt.com/english/advisories/2005/0935

I had to open a shell to kill the process to restore, but I could not prove if the exploit opened a port on my system. Neither could I understand if this issue strictly depends on Firefox or Java or Linux itself. So I really don't know if this is a security issue or not. I'm just reporting, sure that someone here will clarify what I've just experienced. Many thanks for your great work!

No real point in the confidential flag if you've gotten the information from a public website.

*** This bug has been marked as a duplicate of 299564 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED