A few days ago we saw a notice on a mailinglist about a PoC which makes a DoS possible on (again) Firefox. We contacted the guy who posted it (n00b) and asked him what it does.

It seems like it uses an old bug in Firefox, it exploits the way Firefox handles multiple html tags.

We’ve tested this on Windows XP without Service Packs, with SP1 and SP2 and it crashes Firefox. On Linux however it spikes the load, but it doesn’t crash Firefox, and on my Apple (Mac OS X Version 10.4.6) it does the same as on Linux.

But this doesn’t mean that it isn’t a bad bug, and the Firefox developers really need to get this fixed.

The PoC is available here, but remember that it can crash your Firefox!

This entry was posted on Thursday, June 1st, 2006 at 21:38 and is filed under Other. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.