A non-critical bug in the Mozilla FireFox browser can be used to trigger
a Denial of Service (DoS) attack, according to Whitedust Security.
Whitedust Security has publicly posted proof of concept exploit code as
well as simple test link here to
prove its assertion.
The bug that the exploit code triggers is not unknown to Mozilla. Since August, it has been listed on Bugzilla, Mozilla’s bug tracking system.,
Bugzilla Bug 303433 was originally reported by Tom Ferris of security-protocols.com and has the title of “Firefox 1.0.6 segfaults on this malformed .html page.”
Security firm Secunia posted an advisory on the bug on October 10th, and gave the “Mozilla Firefox Iframe Size Denial of Service Weakness,” bug a rating of “non-critical.”
The bug apparently affects the current version of Firefox 1.0.7 and
below. The Beta 2 release of FireFox 1.5 has fixed the bug in question.
“The ability to crash a browser repeatedly may not be a critical bug, but
it may be possible that given more time the denial of service could be
leveraged into a more serious attack,” Whitedust’s Mark Anderson told
internetnews.com. “If the bug can only be used to crash the browser, then it
is rather trivial and not worth rating as critical.”
Some have argued that a browser crash is not actually a DoS, Anderson
“By definition, this bug is clearly a denial of service,” Anderson said. “By
causing the browser to crash, the flaw is interrupting the user’s browsing,
in fact destroying all active sessions and in essence, denying service.”