Flaw in Firefox 1.5.0.7 – 2.0: Remote DoS Exploit

This afternoon I found this:

-------------------------------------------------
Gotfault Security - Advisory #05 - 27/10/06
-------------------------------------------------
Software : Firefox
Homepage : http://www.mozilla.com/
Vulnerable : 1.5.0.7 and below, 2.0
Risk : Moderate
Impact : Denial of Services (Code execution not verified)
-------------------------------------------------
DESCRIPTION

-------------------------------------------------
Mozilla Firefox is prone to a D.O.S within its JavaScript Range object. In a
special condition, a NULL Pointer Dereference occurs and Firefox crashes.
From DOM MDC:

"The Range object represents a fragment of a document that can contain nodes
and parts of text nodes in a given document."

A Range object can be initialized using the selectNode method, which selects a
node to be inserted within a Range. A Range can also be used to create document
fragments using the createContextualFragment method. Below is an example of
using such a method, from DOM MDC:

As can be seen, a range is created using the createRange document method and
then is initialized using the selectNode method against some element within
the current document. At this point createContextualFragment can be used to
create document fragments, that can be inserted into the document.
Mozilla Firefox does not properly handle the case where a DOCUMENT_TYPE_NODE ( element is passed to the selectNode method, and triggers a NULL Pointer dereference
when the createContextualFragment method is called.

-------------------------------------------------
POC
-------------------------------------------------

This POC code crashes Mozilla Firefox:

--- snip ---
Following is the GDB session recorded at the moment of the crash, tested against the Firefox 2.0 official release:
....

For safety's sake I am not publishing the rest of the exploit; I just crashed my Firefox a dozen times by putting the code in my post!
If you want it, it is here

In short, Firefox 2.0 with more security? Not so sure… !!
