Show tagged entries
Twitter

Older stuff
Cool Buttons for Opera
March 13 2007
Blogvertisement
September 30 2006
Get µTorrent working perfectly in Ubuntu
September 21 2006
Spore - the next big thing
March 8 2006
Yet Another Podcast
February 6 2006
Ubuntu conquers the world
November 1 2005
Syndicate This Blog
BLOG ROLL
Waublog (en)
stereophone (de)
Z! Podcast (de)
Shirts drucken (de)
Buttons
Opera
Ubuntu - Linux for Human Beings
Stories I dugg
wishlist

Serendipity

I want a pony!
I want a pony!
License
Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License
PostDateIcon Tuesday, October 18. 2005

Firefox crashes

In a recent security comment at Whitedust Security an exploit was posted which will make all versions of Firefox and Thunderbird crash (100% CPU usage). So if you you want to mess with FF users include this in your homepage: ;-)

<strong>
  <sourcetext>
    Goodbye FF
  </sourcetext>
</strong>

Try it here. This seems to be an error in the Gecko rendering engine and should be quick to fix, so lets hope there's an update out soon. Not because of the danger that you would surf to sites including the above code, but surely there will be some jokers sending around spam including this HTML-snipped and making Thunderbird crash.

Some browser vulnerability statistics from secunia.com
Internet Explorer (20/86 unpatched)
Mozilla Firefox (3/25 unpatched)
Opera (0/8 unpatched)

Later
Matthias

Posted by dakira in Techie Stuff at 16:56 | Comments (4) | Trackbacks (0)

Bookmark Firefox crashes at del.icio.us Digg Firefox crashes Technorati Firefox crashes Bookmark Firefox crashes at blogmarks wong it! Bookmark using any bookmark manager! Stumble It!

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

Exploit? So now days when you find a bug tha crashes a program, you can call it a "Security Comment" and an "Exploit"?

You can kill IE with a one liner HTML code (search google for it), yet no one is claiming an exploit.

Sheesh.

#1 Jed (Homepage) on 2005-10-20 04:08 (Reply)

Hi Jed,

I'm a firefox user myself and I didn't use those words. I wrote "comment" in italic because those were the words of Whitedust Security (they said: this is a comment and not an advisory).

The story is: this bug was considered minor back in 2003. Now think spam containing this code crashing thousands of Thunderbirds out there. This is not so minor I think.

This bug seems to be a big problem. I heard some "internal" rumors that is is very hard to fix because it is impossible to locate without huge code reviews. But thats just rumors.

#1.1 dakira (Homepage) on 2005-10-20 15:48 (Reply)

Don't think it will be too big of a problem. Firefox 1.5 Beta 2 isn't affected so I would assume that the beta release of Thunderbird probably isn't affected either. Hopefully Mozilla will release version 1.5 of both of them soon and this security comment will cease being important. Then again, I'm sure thousands of users probably won't update right away, but having the program crash might be a good way to get people updating :-)

#2 John (Homepage) on 2005-10-21 05:41 (Reply)

Just to confirm, it's definitely fixed in 1.5.0.1.

-FM

#3 FunnyMan on 2006-02-05 13:46 (Reply)

Add Comment

Markdown format allowed
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.
 
 

2010 YuMDaP.net's blog | entries (RSS) | Comments (RSS) |  Theme xcur