Mozilla Firefox Infinite Array Sort Denial Of Service Vulnerability

Mozilla Firefox is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.

It is not known if other Mozilla products or Gecko-based browsers are affected by this vulnerability.

Vulnerable:
Mozilla Firefox Preview Release
Mozilla Firefox 0.8
Mozilla Firefox 0.9 rc
Mozilla Firefox 0.9
Mozilla Firefox 0.9.1
Mozilla Firefox 0.9.2
Mozilla Firefox 0.9.3
Mozilla Firefox 0.10
Mozilla Firefox 0.10.1

The above is discovered by Berend-Jan Wever.

http://www.securityfocus.com/bid/11752/discussion/

Leave a Reply