An anonymous reader writes "Whitedust Security are reporting on a new exploit for Firefox which apparently affects all versions of the browser from 1.0.7 down. From the article: "If this exploit has made it out into, or indeed been retrieved from the wild is unknown at this time. However it is clear that this exploit will indeed need patching as soon as possible.""Ads_xl=0;Ads_yl=0;Ads_xp='';Ads_yp='';Ads_xp1='';Ads_yp1='';Ads_par='';Ads_cnturl='';Ads_prf='page=article';Ads_channels='RON_P6_IMU';Ads_wrd='mozilla,worms,it';Ads_kid=0;Ads_bid=0;Ads_sec=0; Mozilla Firefox 1.0.7 DoS Exploit Log in/Create an Account | Top | 417 comments (Spill at 50!) | Index Only | Search Discussion Display Options Threshold: -1: 417 comments 0: 396 comments 1: 303 comments 2: 202 comments 3: 62 comments 4: 36 comments 5: 27 comments Flat Nested No Comments Threaded Oldest First Newest First Highest Scores First Oldest First (Ignore Threads) Newest First (Ignore Threads) The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way. Brilliant header! by brian0918 (Score:2) Monday October 17, @09:28AMRe:Brilliant header! by rincebrain (Score:1) Monday October 17, @09:29AMRe:Brilliant header! by FidelCatsro (Score:3) Monday October 17, @09:36AMRe:Brilliant header! by Anonymous Coward (Score:1) Monday October 17, @10:23AM1 reply beneath your current threshold.1 reply beneath your current threshold.Re:Brilliant header! by BorgCopyeditor (Score:2) Monday October 17, @02:46PM2 replies beneath your current threshold. Re:Brilliant header! (Score:5, Informative) by Hey Pope Felcher . . (921019) on Monday October 17, @09:30AM (#13808615) . . . RTFA, milw0rm.com have released proof of concept code for a denial of service exploit which apparently affects all versions of the Mozilla Foundations popular Firefox browser from version 1.0.7 downward. Remember, on Slashdot always read the article, it is generally only a coincidence if the summary has any bearing on the actual linked text. [ Reply to This | ParentRe:Brilliant header! by LnxAddct (Score:2) Monday October 17, @09:44AMRe:Brilliant header! by SteveAyre (Score:1) Monday October 17, @10:00AMRe:Brilliant header! by 9-bits.tk (Score:1) Monday October 17, @02:13PMRe:Brilliant header! by NickFitz (Score:3) Monday October 17, @11:00AMRe:Brilliant header! by kubevubin (Score:1) Monday October 17, @07:37PMRe:Brilliant header! by kubevubin (Score:1) Monday October 17, @07:45PM4 replies beneath your current threshold.Re:Brilliant header! by ShadowFlyP (Score:2) Monday October 17, @09:35AMRe:Brilliant header! by thesnarky1 (Score:1) Monday October 17, @09:56AM1 reply beneath your current threshold.Re:Brilliant header! by DrSkwid (Score:3) Monday October 17, @10:38AMRe:Brilliant header! by dolphinling (Score:2) Monday October 17, @12:18PMRe:Brilliant header! by TFGeditor (Score:2) Monday October 17, @05:16PM5 replies beneath your current threshold. totally off guard (Score:5, Informative) by Tufriast (824996) * on Monday October 17, @09:29AM (#13808600) I checked out the Mozilla site -- not a peep about it. I made a post there. I figure this one totally right hooked them. It's a pretty massive crash. Just makes the whole browser lock up. At least I know they'll fix it fast though...I think in 24 hours we'll see a turn around.Anyone try this with version 1.5? [ Reply to This Re:totally off guard (Score:5, Informative) by tbspit (460062) on Monday October 17, @09:30AM (#13808614) (http://tspiteri.org/) Version 1.5 is not affected. [ Reply to This | Parent Re:totally off guard (Score:5, Funny) by nmb3000 (741169) on Monday October 17, @12:57PM (#13810038) (http://www.khaaan.com/ | Last Journal: Saturday May 14, @05:14AM) Version 1.0.7 on XP sure is. Crashed and burned bad.Don't worry about it guys. I sent Microsoft an Error Report so I'm sure they'll get right on the problem as well. [ Reply to This | Parent1 reply beneath your current threshold. Not too big a deal (Score:5, Insightful) by Dr. Evil (3501) on Monday October 17, @09:31AM (#13808624) (Last Journal: Friday July 15, @05:05PM) There isn't much incentive for malicious people to crash people's browsers.The wording from the security company has me thinking they're just trying to make a name for themselves. [ Reply to This | ParentRe:Not too big a deal by Anonymous Coward (Score:1) Monday October 17, @09:37AMRe:Not too big a deal by dolphinling (Score:2) Monday October 17, @12:21PMRe:Not too big a deal by gromitcode (Score:1) Monday October 17, @09:42AM Re:Not too big a deal (Score:5, Informative) by sqlrob (173498) on Monday October 17, @09:48AM (#13808761) Look at the source. It's an unclosed tag, so it's likely an infinite loop. [ Reply to This | Parent Re:Not too big a deal (Score:5, Insightful) by stevey (64018) on Monday October 17, @09:48AM (#13808763) (http://www.debian-administration.org/) Not necessarily.I reported some DOS bugs against firefox which will kill a browser by essentially saying:Give me a table of 1000000 rows and 1000000 columns.The browser dies. Probably because it attempts to either a) allocate all the system's memory and the kernel kills it, or b) at some point memory allocation fails and the program terminates.Not all crashes are buffer overflows, or exploitable. Kill Your Browser [steve.org.uk] [ Reply to This | Parent Re:Not too big a deal (Score:4, Informative) by Mattwolf7 (633112) on Monday October 17, @10:05AM (#13808867) (http://wolfzorn.blogspot.com/) I followed your "Kill Your Browser" link clicked on everything. And this is the same window that was supposed to be killed...I dunno but those must be Windows specific, I am running Gentoo with FF 1.0.7 [ Reply to This | ParentRe:Not too big a deal by Kimos (Score:3) Monday October 17, @10:30AMRe:Not too big a deal by ojustgiveitup (Score:1) Monday October 17, @12:41PM1 reply beneath your current threshold. Re:Not too big a deal (Score:4, Informative) by Anthracks (532185) on Monday October 17, @10:40AM (#13809072) (http://www.nutnr.com/) None of them fazes 1.5 beta builds either as far as I can tell, at least on Windows 2000 here at work. No trouble at all loading any of those pages. [ Reply to This | ParentRe:Not too big a deal by Vicsun (Score:1) Monday October 17, @11:05AMRe:Not too big a deal by stevey (Score:1) Monday October 17, @11:19AMRe:Not too big a deal by confuted (Score:2) Monday October 17, @11:01AM Re:Not too big a deal (Score:4, Informative) by Blkdeath (530393) <(blackdeath) (at) (snerk.org)> on Monday October 17, @11:37AM (#13809480) (http://stewart.snerk.org/) I followed your "Kill Your Browser" link clicked on everything. And this is the same window that was supposed to be killed... I dunno but those must be Windows specific, I am running Gentoo with FF 1.0.7 If you follow the README [steve.org.uk] URL, you'll notice that the bugs referenced were confirmed agianst 1.0.4 and older, but are all fixed in 1.0.7.Try to keep the suppositions about Windows bugs to yourself unless you have even some inkling of understanding of the situation. It makes us all look bad. [ Reply to This | ParentRe:Not too big a deal by zootm (Score:2) Monday October 17, @11:39AMRe:Not too big a deal by Cunjo (Score:1) Monday October 17, @11:59AMRe:Not too big a deal by MaskedSlacker (Score:1) Monday October 17, @12:08PMRe:Not too big a deal by Vanishing Nerd (Score:1) Tuesday October 18, @12:45AMRe:Not too big a deal by SenFo (Score:1) Monday October 17, @12:33PMRe:Not too big a deal by nmx (Score:2) Monday October 17, @10:20AMRe:Not too big a deal by stevey (Score:1) Monday October 17, @11:22AMNo crash on 1.5b2 on Linux by Nicolas MONNET (Score:2) Monday October 17, @10:25AMRe:Not too big a deal by ianmassey (Score:1) Monday October 17, @10:26AMRe:Not too big a deal by guardian653dave (Score:1) Monday October 17, @10:34AMRe:Not too big a deal by tomatensaft (Score:2) Monday October 17, @11:30AMRe:Not too big a deal by maxwell demon (Score:3) Monday October 17, @11:31AMNo effect on 1.0.7 (Gentoo Linux) by qbasicnewbie (Score:1) Monday October 17, @01:41PMRe:Not too big a deal by pipingguy (Score:2) Monday October 17, @02:03PM3 replies beneath your current threshold.Re:Not too big a deal by Dr. Evil (Score:2) Monday October 17, @10:26AM1 reply beneath your current threshold.Re:Not too big a deal by StonedRat (Score:2) Monday October 17, @10:46AMRe:Not too big a deal by Jaseoldboss (Score:2) Monday October 17, @11:22AMExactly by Sulka (Score:2) Monday October 17, @11:25AMRe:Not too big a deal by Lucractius (Score:3) Monday October 17, @11:30AMRe:Not too big a deal by Dr. Evil (Score:2) Monday October 17, @01:44PMRe:Not too big a deal by eraserewind (Score:2) Tuesday October 18, @12:22AMRTFA by einhverfr (Score:3) Monday October 17, @12:28PM2 replies beneath your current threshold.Re:totally off guard by Anonymous Coward (Score:1) Monday October 17, @09:33AMBut... by supersocialist (Score:2) Monday October 17, @09:38AMRe:But... by leuk_he (Score:1) Monday October 17, @10:04AMRe:But... by Pneuma ROCKS (Score:3) Monday October 17, @10:21AMRe:But... by antiMStroll (Score:2) Monday October 17, @02:19PMRe:But... by DrSkwid (Score:2) Monday October 17, @10:46AMRe:But... by NanoGator (Score:2) Monday October 17, @11:40AM1 reply beneath your current threshold.1 reply beneath your current threshold.Re:totally off guard by skyshock21 (Score:2) Monday October 17, @09:41AMRe:totally off guard by TangoCharlie (Score:2) Monday October 17, @11:06AMRe:totally off guard by jml75 (Score:1) Monday October 17, @11:18AM Re:totally off guard (Score:5, Informative) by mrgavins (49262) <slashdot@NOSpAM.gavinsharp.com> on Monday October 17, @11:53AM (#13809591) (http://www.gavinsharp.com/) Maybe because it's already fixed? Maybe because it's hardly a security issue? This is bugzilla bug 210658 [mozilla.org], it was filed in 2003, and fixed for 1.5 15 months later. [ Reply to This | Parent4 replies beneath your current threshold. Thunderbird also vunerable (Score:4, Informative) by Big Nothing (229456) <big.nothing@bigger.com> on Monday October 17, @09:29AM (#13808603) Mozilla Thunderbird 1.0.6 is also vunerable. [ Reply to This1 reply beneath your current threshold.1.0.7 is affected by wo1verin3 (Score:1) Monday October 17, @09:30AMRe:1.0.7 is affected by RandomPrecision (Score:1) Monday October 17, @11:04AMRe:1.0.7 is affected by wo1verin3 (Score:1) Monday October 17, @06:03PM2 replies beneath your current threshold. How come there are so many nice hackers? (Score:5, Funny) by jkind (922585) on Monday October 17, @09:30AM (#13808609) (http://www.milliondollarsweethearts.com/) Why are there so many nice hackers in the world? Willing to spend their time finding exploits, post them, and even a "safe" example. Do they take pride in helping the surfing community? Why don't they just hijack the world's browsers and make us choose between "Yes" and "Okay" on their PayPal deposit sites?Where are the evil hackers, or have they all converted, scared about stiff http://news.bbc.co.uk/1/hi/technology/4249780.stm [bbc.co.uk] penalties? [ Reply to ThisRe:How come there are so many nice hackers? by Red_Foreman (Score:1) Monday October 17, @09:34AMRe:How come there are so many nice hackers? by jkind (Score:1) Monday October 17, @09:38AMRe:How come there are so many nice hackers? by LordSnooty (Score:1) Monday October 17, @10:26AMObviously... by supersocialist (Score:1) Monday October 17, @09:41AM Re:How come there are so many nice hackers? (Score:5, Insightful) by FirienFirien (857374) <.moc.krodcam. .ta. .etep.> on Monday October 17, @09:56AM (#13808808) Why are there so many nice hackers in the world? Because some people believe in things like morals and society? Because not everyone is corrupt? Apart from anything else there's always the chance that if someone is a 'nice' hacker then they can act as a model for others, and will get a little return on their investment of time by coming across a warning next time instead of a Yes/Okay dialog against them. People who don't want their friends/family affected, people who actually care about the world they live in. I'm surprised that you seem to believe that everyone would be malicious if they could. [ Reply to This | ParentRe:How come there are so many nice hackers? by skubeedooo (Score:1) Monday October 17, @02:05PM Re:How come there are so many nice hackers? (Score:4, Interesting) by Iriel (810009) on Monday October 17, @10:03AM (#13808859) (http://www.stevenvansickle.com/) Honestly, the evil hackers got smarter. Not all of them mind you (most of the famed worming script-kiddies still get caught). But all those malevolent 'hackers' know that cracking the world's browsers is too easy to trace or not worth the effort to keep under the radar.You know all those "Prescriptlon RXc dirugs 4for l0w coest!" emails? That just came specially delivered to you courtesy of the former uber-hacker of unknowable enormity. They're even worse that telemarketers that scam the elderly, and they're hoping you're the next $50 bill in their offshore account. [ Reply to This | ParentRe:How come there are so many nice hackers? by Mistshadow2k4 (Score:1) Monday October 17, @10:13AMRe:How come there are so many nice hackers? by skubeedooo (Score:1) Monday October 17, @02:18PMRe:How come there are so many nice hackers? by Mistshadow2k4 (Score:1) Monday October 17, @04:12PMRe:How come there are so many nice hackers? by TooMuchEspressoGuy (Score:1) Monday October 17, @10:15AMRe:How come there are so many nice hackers? by SuperBanana (Score:2) Monday October 17, @10:20AMfunny? by Evil Grinn (Score:2) Monday October 17, @10:40AMTinkerers, not just Hackers by aaandre (Score:1) Monday October 17, @02:45PM4 replies beneath your current threshold.Very vague by fa_pa (Score:2) Monday October 17, @09:31AMRe:Very vague by Agret (Score:2) Monday October 17, @09:33AMRe:Very vague by TheSpoom (Score:2) Monday October 17, @09:59AM yeah, WTF? (Score:5, Insightful) by subtropolis (748348) on Monday October 17, @09:50AM (#13808779) There's this exploit, see. Click here to try it. Go on, it's ok...I think the poll at the top of the page should ask, "Do you trust WhiteDust security?"Oh, wait - that's what the 'Test the exploit' link is for. [ Reply to This | ParentRe:yeah, WTF? by Khyber (Score:2) Monday October 17, @11:38AM1 reply beneath your current threshold.Re:Very vague by goldspider (Score:3) Monday October 17, @10:33AMRe:Very vague by Mistshadow2k4 (Score:2) Monday October 17, @10:18AM1 reply beneath your current threshold. Nomenclature... (Score:5, Insightful) by gowen (141411) <slashdot@gwowen.freeserve.co.uk> on Monday October 17, @09:31AM (#13808618) (Last Journal: Thursday October 31, @03:07PM) How long has a webpage that makes a browser crash been called a "Denial Of Service Exploit".A browser that can be crashed is a very bad thing, but suggesting this is some sort of "Denial Of Service" attack, is just semantics. It doesn't crash the box, and it doesn't flood/break the network. Every other service on your machine runs as normal. That's not a Denial Of Service by the usual definition of the term. [ Reply to ThisRe:Nomenclature... by arkanes (Score:2) Monday October 17, @09:33AMRe:Nomenclature... by gowen (Score:1) Monday October 17, @09:56AMRe:Nomenclature... by Pieroxy (Score:2) Monday October 17, @10:02AMRe:Nomenclature... by marcosdumay (Score:2) Monday October 17, @10:12AMRe:Nomenclature... by Pieroxy (Score:2) Monday October 17, @10:20AMRe:Nomenclature... by AvitarX (Score:1) Monday October 17, @10:30AMRe:Nomenclature... by Pieroxy (Score:2) Monday October 17, @11:17AMRe:Nomenclature... by AvitarX (Score:1) Monday October 17, @11:28AMRe:Nomenclature... by Pieroxy (Score:2) Monday October 17, @11:55AMRe:Nomenclature... by Pieroxy (Score:2) Monday October 17, @11:57AM2 replies beneath your current threshold.1 reply beneath your current threshold.Re:Nomenclature... by arkanes (Score:2) Monday October 17, @11:06AMRe:Nomenclature... by gowen (Score:1) Monday October 17, @11:29AM The operative word is "attack". (Score:5, Insightful) by khasim (1285) <brandioch.conner@gmail.com> on Monday October 17, @10:21AM (#13808974) Since you have to go to a specific web page, with a specific browser ... and the only thing that will happen is that your browser will crash ... is "attack" the correct term for this kind of behaviour?If you crash your car into a tree, did that tree "attack" you?If you crash your car when driving over ice, did that ice "attack" you?If you drive your car off a bridge and into a lake, did that lake "attack" you?Since you cannot use your car immediately after a crashes, are trees considered a DoS exploit? [ Reply to This | ParentRe:The operative word is "attack". by drstock (Score:3) Monday October 17, @12:22PMRe:The operative word is "attack". by SuperJason (Score:2) Monday October 17, @12:28PM1 reply beneath your current threshold.3 replies beneath your current threshold.Re:Nomenclature... by horza (Score:2) Monday October 17, @10:26AMRe:Nomenclature... by arkanes (Score:2) Monday October 17, @10:59AMRe:Nomenclature... by arkanes (Score:2) Monday October 17, @11:10AMRe:Nomenclature... by Craster (Score:1) Monday October 17, @11:16AMRe:Nomenclature... by aug24 (Score:2) Monday October 17, @10:49AMRe:Nomenclature... by Mike McTernan (Score:1) Monday October 17, @11:58AMRe:Nomenclature... by LDoggg_ (Score:2) Monday October 17, @11:34AMRe:Nomenclature... by cagle_.25 (Score:2) Monday October 17, @03:13PMRe:Nomenclature... by NickFortune (Score:2) Monday October 17, @09:50AMRe:Nomenclature... by baggins2002 (Score:1) Monday October 17, @10:34AM Re:Nomenclature... (Score:4, Informative) by m50d (797211) on Monday October 17, @09:58AM (#13808822) (http://www.sdonag.plus.com/ | Last Journal: Friday October 14, @03:54PM) A browser that can be crashed is a very bad thing, but suggesting this is some sort of "Denial Of Service" attack, is just semantics. It doesn't crash the box, and it doesn't flood/break the network. Every other service on your machine runs as normal. That's not a Denial Of Service by the usual definition of the term. Yes it is. If you did exactly the same thing to, say, apache or proftpd or mysql - don't crash the box, don't break the network, every other service runs normal - it would be a DoS. Calling this attack a DoS provides some very important information - it doesn't allow execution of arbitrary code, just locks up the browser. The only thing that's possibly unusual here is applying the term to a client rather than a server program, but a DoS is absolutely the correct term. [ Reply to This | Parent Re:Nomenclature... (Score:5, Insightful) by gowen (141411) <slashdot@gwowen.freeserve.co.uk> on Monday October 17, @10:13AM (#13808917) (Last Journal: Thursday October 31, @03:07PM) If you did exactly the same thing to, say, apache or proftpd or mysql They're all servers.Servers <=> Service <=> Denial Of Service.See how that works? [ Reply to This | ParentRe:Nomenclature... by m50d (Score:2) Monday October 17, @11:13AMRe:Nomenclature... by gowen (Score:1) Monday October 17, @11:26AMRe:Nomenclature... by m50d (Score:2) Monday October 17, @12:15PMRe:Nomenclature... by gowen (Score:1) Monday October 17, @12:23PMRe:Nomenclature... by m50d (Score:2) Monday October 17, @12:27PM Re:Nomenclature... (Score:5, Informative) by gowen (141411) <slashdot@gwowen.freeserve.co.uk> on Monday October 17, @12:37PM (#13809884) (Last Journal: Thursday October 31, @03:07PM) i) Web browsing isn't a server process, it's a client process.ii) You can kill the browser and go to another web page. Hell, you can just start another instance of the web browser. Which must take all of three nanoseconds.If you prevent login, or send a SYN flood that prevents http connections, you can't just restart the appropriate service. If you really can't see why causing a client to crash is different from preventing a server from functioning, I suggest you look in some elementary computer science textbooks.I don't have time any more time to explain the basics to fools. [ Reply to This | ParentRe:Nomenclature... by m50d (Score:2) Monday October 17, @03:46PMRe:Nomenclature... by dcam (Score:2) Monday October 17, @08:16PMRe:Nomenclature... by dustmite (Score:2) Monday October 17, @12:30PMRe:Nomenclature... by Secrity (Score:2) Monday October 17, @10:16AMRe:Nomenclature... by m50d (Score:2) Monday October 17, @11:29AMRe:Nomenclature... by antiMStroll (Score:2) Monday October 17, @02:24PMRe:Nomenclature... by m50d (Score:2) Monday October 17, @03:51PMRe:Nomenclature... by antiMStroll (Score:2) Monday October 17, @06:10PMRe:Nomenclature... by malsdavis (Score:2) Monday October 17, @11:31AMRe:Nomenclature... by m50d (Score:2) Monday October 17, @12:20PMRe:Nomenclature... by pipingguy (Score:2) Monday October 17, @02:13PMRe:Nomenclature... by Kawahee (Score:2) Monday October 17, @10:02AMRe:Nomenclature... by NitroWolf (Score:2) Monday October 17, @10:51AM Re:Nomenclature... (Score:5, Insightful) by MightyYar (622222) on Monday October 17, @10:19AM (#13808949) Wow... what a big ball of... nothing. All they did was find some html that crashes Firefox. Big deal! Have you seen Bugzilla lately? Should I just start randomly submitting bugs from Bugzilla, start calling them DOS exploits, and make the front page of Slashdot? [ Reply to This | ParentRe:Nomenclature... by LilGuy (Score:2) Monday October 17, @02:44PMRe:Nomenclature... by MightyYar (Score:2) Monday October 17, @06:08PM1 reply beneath your current threshold.Re:Nomenclature... by TheTomcat (Score:2) Tuesday October 18, @12:14AMRe:Nomenclature... by southpolesammy (Score:2) Monday October 17, @10:19AMIt stands for by dj245 (Score:2) Monday October 17, @10:30AM1 reply beneath your current threshold.Looks like.. by matt me (Score:2) Monday October 17, @11:34AMRe:Nomenclature... by konijn (Score:1) Monday October 17, @12:15PM1 reply beneath your current threshold. Worm Code (Score:4, Funny) by Agret (752467) <alias DOT zero2097 AT gmail DOT com> on Monday October 17, @09:31AM (#13808623) (http://agret.blogspot.com/ | Last Journal: Thursday September 29, @11:59PM)