Mozilla Firefox ‘keygen’ HTML Tag DoS Vulnerability

Mozilla Firefox is prone to a remote denial-of-service vulnerability.
Successful exploits can allow attackers to cause the browser to stop responding, thus denying service to legitimate users.

Vulnerable:  Mozilla Firefox 3.0.10 

http://www.securityfocus.com/bid/35132/discuss

Disclosure timeline

DD/MM/YYYY
14/12/2008 : Created bugzilla entry (security) with (the wrong) proof of concept file.

14/12/2008 : Attached the correct POC file (mea culpa) and a stack trace and details of memory corruption that repeatitly occured during testing the POC

24/12/2008 : dveditz@mozilla.com comments : "I can definitely confirm the denial of service aspect, and there’s a very minor memory leak (after 9 hours of CPU time memory use went from 60MB to 360MB). Haven’t been able to reproduce a crash."

27/05/2009 : The 4 month grace period [2] given is reached. Release of this advisory.

http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html

Leave a Reply