Mozilla Firefox 3.6.12 Remote Denial Of Service

Published: 2010-11-15
Last Updated: 2010-11-15 15:02:05 UTC
by Stephen Hall (Version: 1)
6 comment(s)

Thanks to our reader Seb for the heads up about a remote denial of service vulnerability within Firefox 3.6.12.

There are a number of sites showing the exploit code which has been developed by Italian members of the BackTrack project.

I'll not publish the code here as its easily found with your favourite search engine, but below is a screen shot showing the impact of the code on a fully patched Mac OSX 10.6.5 system.

 

Firefox Crash image 

 

Diary updated after contact with Emanuele Gentili. 

Keywords: firefox
6 comment(s)

Comments

You are obviously clueless.
That exploit is publicly available on the Exploit Database - http://www.exploit-db.com/exploits/15498/

And if you haven't heard about BackTrack...well, you shouldn't be in the security field.
You're jumping all over this guy, anonymously, for not knowing Backtrack IT and the Backtrack distro are associated with each other?

And to your first point about him not linking to it? Come on troll, just because the guy is morally different from you doesn't mean he's an idiot.
Hey anonymous, ever hear of this saying?

"Better to remain silent and be thought a fool than to speak out and remove all doubt."
Can someone clarify/verify. Is this only effecting 3.6.12 or 3.6.12 and below?
The exploit DB entry says <= 3.6.12
To throw some additional, hopefully useful, information back into the mix...

I just tested on Win 7 with 3.5.15 (included in <= 3.6.12) and 4.0 b7 and both, once I disabled NoScript, crashed.

Diary Archives