AOH :: HP Unsorted F :: B1A-1066.HTM

Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities



Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities




Title: Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities

0x01. Description:
Memory exhaustion of Firefox 3.6.3 (latest) <= makes firefox can't make texts into body element and then it crashed. 
( raise exception using PoC #1, lower memory area read access violation using PoC #2 )
Ofcourse an variation PoC made NULL Pointer deref so may also could be code execution ( 0.1 % ). :-)

URL: http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt 

Vendor Status: unpatched. ( to now... doesn't exists any reliable exploit so i disclosed to bugtraq firstly )

0x02. Proof of Concepts:

[PoC #1 - firefox_3.6.3_dos_poc_1.htm] --






[PoC #2 - firefox_3.6.3_dos_poc_2.htm] --

Thank you bugtraq securityfocus.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.