Toufeeq Hussain wrote: >> Security Advisory (Reclassification) :: CT21-11-2005 >> ----------------------------------------------------- >> >> Title: Microsoft Internet Explorer JavaScript Window() >> Vulnerability > > Is it just me or did this exploit just DOS'ed my Firefox 1.0.7(Debian > Linux). > Just try the Windows XP Link given in the POC URL. > Firefox just hung with 100% CPU utilization.
This does DOS Firefox (and the Mozilla Suite), tracked at https://bugzilla.mozilla.org/show_bug.cgi?id=317334 The problem appears to be related to trying to reflow Bi-directional text, we've chunked the 200K character prompt dialog into 66K internal chunks and appear to have a really sucky algorithm for doing so. Eventually Firefox will show the prompt dialog and continue on normally (where eventually can be up to a couple of minutes). -Dan Veditz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
