Oh jeez. If the press gets wind of this! -martin
> -----Original Message-----
> From: Tom [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 10, 2002 10:20 AM
> To: [EMAIL PROTECTED]
> Subject: remote DoS in Mozilla 1.0
>
>
> Author
> ======
> Tom Vogt <[EMAIL PROTECTED]>
> http://web.lemuria.org/
>
>
> Affected
> ========
> Mozilla 1.0 and earlier
> verified on Linux and Solaris, other Unixes most likely
> affected as well.
>
>
> Effect
> ======
> System becomes unusable or X windows crashes
> (varies depending on system configuration)
>
>
> Description
> ===========
> When loading pages with a specially prepared (or erroneous) stylesheet,
> mozilla and X windows (not restricted to XFree) exhibit any of two
> undesirable behaviours. This seems to depend on the local system
> configuration, especially to the presence of xfs, but bug reports so far
> are inconclusive.
> In one scenario, X simply crashes, taking everything with it. This will result
> in the loss of unsaved work.
> In scenario two, memory usage of the X server explodes until the machine
> reaches the thrashing point, at which point only a hard kill (-9) of the
> X server can save it, provided there are enough system resources left to
> issue the kill.
>
> Some systems see no crash, but random misbehaviour of X components that often
> require a shutdown of the X server to fix. See the follow-ups in bugzilla
> for a full description of these various behaviours.
>
> The bug is triggered by a huge font setting done through CSS. Depending on
> the end user's system configuration, this will either trigger an abort in
> the XFree86 code ("Beziers this large not supported") or cause an
> explosive use of memory. It is unknown how much memory could get consumed,
> but follow-ups to the mozilla bug verify that machines with 1 GB of
> memory still reach the thrashing point.
>
>
> Example
> =======
> Include a huge font size in your style sheet definition, e.g.:
> body { font-size: 1666666px; }
>
> http://www.adeliesolutions.com/Projects/
> http://bugzilla.mozilla.org/attachment.cgi?id=87009&action=view
>
>
> Vendor Contact
> ==============
> filed as mozilla bug #150339
> http://bugzilla.mozilla.org/show_bug.cgi?id=150339
> Mozilla team scrambled immediately
>
> also filed with the XFree86 team, no reaction so far
>
>
> Solution/Patches
> ================
> No patches have been issued so far, though the mozilla team appears to be
> at work and a patch should be available soon.
>
> Another solution would be turning off stylesheets. Mozilla does not have an
> option for doing so in the preferences dialog, so this must be done either
> in the preferences file manually, or by editing the source code. I have not
> reviewed this option further.
> Unchecking the "allow documents to use other fonts" button in preferences
> does NOT provide a workaround.
>
>
> Author Statement
> ================
> Aside from the fact that I don't believe in "responsible disclosure", this
> is already public knowledge through bugzilla.
> Kudos to the mozilla team for prompt and competent reactions.
>
>
> --
> New GPG Key issued (old key expired):
> http://web.lemuria.org/pubkey.html
> pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <[EMAIL PROTECTED]>
> Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
> ----------------------------------------------------------------------------
PUG - Penguin User Group Wiesbaden - http://www.pug.org
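The advisory above describes a trigger (an absurdly large CSS `font-size`) and notes that no patch or preference-level workaround existed at the time. A defender who proxies or pre-screens stylesheets can at least flag declarations that exceed any plausible font size before the browser sees them. The following Python scanner is an added example written for this page; it is not code from the advisory, from Tom Vogt, or from the Mozilla project. The `MAX_FONT_PX` cap and the sample stylesheet are constructed assumptions, and the unit conversions use the CSS convention of 96 px per inch with a 16 px root size for em/rem/% (an approximation, since the real computed size depends on the cascade).

```python
import re

# Assumed policy cap on a sane font size, in CSS px. The advisory gives no
# safe limit; this value is a constructed threshold for illustration.
MAX_FONT_PX = 10_000

# Conversion factors to CSS px (96 px per inch; 16 px assumed for em/rem).
_UNIT_TO_PX = {
    "px": 1.0,
    "pt": 96 / 72,
    "pc": 16.0,
    "in": 96.0,
    "cm": 96 / 2.54,
    "mm": 96 / 25.4,
    "em": 16.0,
    "rem": 16.0,
}

# Matches "font-size:" (but not "font-size-adjust:") up to the end of the
# declaration, inside a rule block.
_FONT_SIZE_RE = re.compile(r"font-size\s*:\s*([^;}]+)", re.IGNORECASE)

# A numeric length or percentage, optionally followed by !important.
_VALUE_RE = re.compile(
    r"^\s*([+-]?\d*\.?\d+(?:e[+-]?\d+)?)\s*([a-z%]*)\s*(?:!important)?\s*$",
    re.IGNORECASE,
)


def strip_comments(css: str) -> str:
    """Remove /* ... */ comments so a commented-out declaration is not flagged."""
    return re.sub(r"/\*.*?\*/", "", css, flags=re.S)


def font_size_to_px(value: str):
    """Convert one font-size value to px; None for keywords like 'large' or 'inherit'."""
    m = _VALUE_RE.match(value)
    if not m:
        return None
    number, unit = float(m.group(1)), m.group(2).lower()
    if unit == "%":
        return number / 100 * 16.0
    if unit == "":
        # A unitless nonzero length is invalid CSS; only "0" is meaningful.
        return number if number == 0 else None
    factor = _UNIT_TO_PX.get(unit)
    return None if factor is None else number * factor


def find_oversized_font_sizes(css: str, max_px: float = MAX_FONT_PX):
    """Return (raw_value, computed_px) for each font-size declaration above max_px."""
    hits = []
    for m in _FONT_SIZE_RE.finditer(strip_comments(css)):
        raw = m.group(1).strip()
        px = font_size_to_px(raw)
        if px is not None and px > max_px:
            hits.append((raw, px))
    return hits


def is_stylesheet_sane(css: str, max_px: float = MAX_FONT_PX) -> bool:
    """True when no font-size declaration exceeds the cap."""
    return not find_oversized_font_sizes(css, max_px)


# Constructed sample stylesheet: two benign rules, the advisory's own value,
# and a second oversized declaration expressed in points.
SAMPLE_CSS = """
/* constructed sample for the scanner */
p  { font-size: 12pt; color: #333 }
body { font-size: 1666666px; }
h1 { font-size: 300%; }
.big { font-size: 9000pt !important }
"""

if __name__ == "__main__":
    for raw, px in find_oversized_font_sizes(SAMPLE_CSS):
        print(f"oversized font-size {raw!r} -> {px:.0f}px (cap {MAX_FONT_PX}px)")
    print("sane:", is_stylesheet_sane(SAMPLE_CSS))
```

Run against `SAMPLE_CSS` the scanner reports the `1666666px` body rule and the `9000pt` rule (about 12000 px) and leaves the 12pt and 300% rules alone. A regex pass like this is a screening heuristic, not a CSS parser: it will not resolve values set through nested `calc()` or scripts, so it belongs in front of a browser as one layer, not as a replacement for the upstream fix.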

