Gentoo Linux Security Advisory GLSA 200507-17
- - - - - - - - - - - - - - - - - - - - - - - - [...]
Problem Description:
A number of vulnerabilities were reported and fixed in Firefox 1.0.5
and Mozilla 1.7.9. The following vulnerabilities have been backported
and patched for this update:
In several places the browser UI did not correctly distinguish between
true user events, such as mouse clicks or keystrokes, and synthetic
events genenerated by web content. [...]
Vendor:
Mozilla (http://www.mozilla.org)
Vulnerable Software:
Mozilla 1.7.8
Firefox 1.0.4
Camino 0.8.4
Vulnerability/Exploit:
By using a specially crafted JavaScript function, it is possible to
crash the above named browsers. The script can be executed both with and
without user intervention.
Proof of Concept:
—–START of PoC—–
//Run the function 20000 times
[...]
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Jun | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | |||||