Securityview

Updated: Confirmed bug in Firefox 1.5.0.3

We have confirmed a bug in Firefox 1.5.0.3 with DoS possibilities. When you download the source of the following page you will see what it does. It will open 100 mail forms, so be cautious when you open the link!

Source: http://www.securityfocus.com/archive/1/433534/30/30/threaded
Update:

One way to mitigate this: set ‘network.protocol-handler.warn-external.mailto’ to ‘true’ (it's false by default). This will show a popup dialog whenever a mailto link is clicked (or opened in your case) instead of launching the mail application right away. You still need to click the button 100 times, but at least the system stays responsive.
Thanks to the guys at isc.sans.org for this workaround!
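
To check whether a Firefox profile already has this workaround applied, the following added example (not part of the original post or the ISC workaround) reads the profile's prefs.js and user.js and reports the effective value of the preference. It assumes the standard `user_pref("name", value);` line format and that user.js overrides prefs.js; the function names and the `default=False` fallback (taken from the "false by default" statement above) are choices made for this example.

```python
import re
from pathlib import Path

PREF = "network.protocol-handler.warn-external.mailto"
# One preference per line: user_pref("name", value);
# Lines that are commented out (// or #) do not match and are ignored.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Return {name: raw_value} for each user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def mailto_warning_enabled(prefs_js="", user_js="", default=False):
    """Effective value of PREF: user.js overrides prefs.js, else the default."""
    effective = {**parse_prefs(prefs_js), **parse_prefs(user_js)}
    raw = effective.get(PREF)
    if raw is None:
        return default          # preference never set in this profile
    return raw == "true"        # a quoted "true" string does not count


def audit_profile(profile_dir):
    """Read prefs.js and user.js from a profile directory and evaluate PREF."""
    base = Path(profile_dir)

    def read(name):
        f = base / name
        return f.read_text(encoding="utf-8", errors="replace") if f.is_file() else ""

    return mailto_warning_enabled(read("prefs.js"), read("user.js"))


if __name__ == "__main__":
    # Constructed sample profile contents, not taken from a real system.
    sample_prefs = 'user_pref("%s", false);\n' % PREF
    sample_user = '// hardening\nuser_pref("%s", true);\n' % PREF
    print("prefs.js only:     ", mailto_warning_enabled(sample_prefs))
    print("prefs.js + user.js:", mailto_warning_enabled(sample_prefs, sample_user))
```
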

Update 2: Guys, this is a PoC, do you understand what it can do? Now it opens ~100 mail windows, but what if it does a lot worse, just because the img src= tag can be used to open almost everything?
