Mozilla Firefox 3.0.10 - 'nsViewManager.cpp' Denial of Service

EDB-ID:

33042


Platform:

Linux

Published:

2009-05-11

source: http://www.securityfocus.com/bid/35413/info

Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 3.0.2 through 3.0.10 are vulnerable. 

Start Firefox
Open new tab
Go to a space
Open "Create a new document" in a new tab
Click Continue (Write a New Document)
Enter any name for the document like "test123" for the document
Switch to HTML
Paste attached HTML as the content
Click Publish
Quit Firefox & click "Save and Quit"
(edit sequence:)
Start Firefox (which should open two tabs from previous session)
Click OK to any authentication windows that pop up.
Click to focus on the second tab
Click on "Edit document" link
*CRASH*