Mozilla Firefox ‘keygen’ HTML Tag DoS Vulnerability

Mozilla Firefox is prone to a remote denial-of-service vulnerability.
Successful exploits can allow attackers to cause the browser to stop responding, thus denying service to legitimate users.

Vulnerable:  Mozilla Firefox 3.0.10

Disclosure timeline

14/12/2008 : Created bugzilla entry (security) with (the wrong) proof of concept file.

14/12/2008 : Attached the correct POC file (mea culpa) and a stack trace and details of memory corruption that repeatitly occured during testing the POC

24/12/2008 : comments : "I can definitely confirm the denial of service aspect, and there’s a very minor memory leak (after 9 hours of CPU time memory use went from 60MB to 360MB). Haven’t been able to reproduce a crash."

27/05/2009 : The 4 month grace period [2] given is reached. Release of this advisory.

Leave a Reply