Description
Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
firefox | removed | | | package |
iceweasel | removed | | | package |
mozilla | removed | | | package |
Notes
This is not a real security issue; it just describes the fact that the Gecko
engine of the Mozillae may be led into a crash if you feed it with large chunks
of arbitrary binary data and label it as HTML. As the parsing garbage is displayed
during transfer any user will cancel the transfer and if you load it from the
hard disc, well then you have "DoSed" yourself, congratulations.
It's reproducible with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
generally try to make sense of anything even remotely resembling HTML.