An Interesting Firefox Flaw
Ronald van den Heetkamp has published information about an interesting heap corruption in Firefox.
Put simply, it has been discovered that merely running document.open, document.write and document.close in close succession can sometimes lead to code not being executed before the document is closed (by the aptly named document.close method), along with some inconsistent behaviour from Firefox. The interesting aspect of what Ronald has discovered is that if he uses an empty applet, it leads to a fairly predictable denial of service within a couple of minutes of attempting to load the initial code element. Based on the information provided, it is predictable in the sense that the browser can be assumed to become unresponsive within a few minutes of loading the code, even though the underlying mechanism by which the code causes the failure is not understood.
Although Ronald has not developed his example to the point of executing code, the sample gives an easy starting point for further investigation and development. It is true that not every heap corruption ends in arbitrary code execution, but on initial inspection it does seem possible with this particular vulnerability. At the moment it is an interesting and simple denial of service vulnerability.
23 May 2008