SECURITYVULNS:DOC:3065
Jun 12, 2002 - 12:00 a.m.

remote DoS in Mozilla 1.0

vulners.com

Author

Tom Vogt <[email protected]>
http://web.lemuria.org/

Affected

Mozilla 1.0 and earlier
verified on Linux and Solaris, other Unixes most likely affected as well.

Effect

System becomes unusable or X windows crashes (varies depending on system configuration)

Description

When loading pages with a specially prepared (or erroneous) stylesheet, mozilla and X windows (not restricted to XFree) exhibit one of two undesirable behaviours. This seems to depend on the local system configuration, especially on the presence of xfs, but bug reports so far are inconclusive.

In one scenario, X simply crashes, taking everything with it. This will result in the loss of unsaved work.

In scenario two, memory usage of the X server explodes until the machine reaches the thrashing point, at which point only a hard kill (-9) of the X server can save it, provided there are enough system resources left to issue the kill.

Some systems see no crash, but random misbehaviour of X components that often requires a shutdown of the X server to fix. See the follow-ups in bugzilla for a full description of these various behaviours.

The bug is triggered by a huge font setting done through CSS. Depending on the end user's system configuration, this will either trigger an abort in the XFree86 code ("Beziers this large not supported") or cause an explosive use of memory. It is unknown how much memory could get consumed, but follow-ups to the mozilla bug verify that machines with 1 GB of memory still reach the thrashing point.

Example

Include a huge font size in your style sheet definition, e.g.:
body { font-size: 1666666px; }

http://www.adeliesolutions.com/Projects/
http://bugzilla.mozilla.org/attachment.cgi?id=87009&action=view

Vendor Contact

filed as mozilla bug #150339
http://bugzilla.mozilla.org/show_bug.cgi?id=150339
Mozilla team scrambled immediately

also filed with the XFree86 team, no reaction so far

Solution/Patches

No patches have been issued so far, though the mozilla team appears to be at work and a patch should be available soon.

Another solution would be turning off stylesheets. Mozilla does not have an option for doing so in the preferences dialog, so this must be done either in the preferences file manually, or by editing the source code. I have not reviewed this option further.

Unchecking the "allow documents to use other fonts" button in preferences does NOT provide a workaround.

Author Statement

Aside from the fact that I don't believe in "responsible disclosure", this is already public knowledge through bugzilla.
Kudos to the mozilla team for prompt and competent reactions.


New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <[email protected]>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5