In association with heise online

23 April 2007, 12:06

Crash risks for Firefox and Internet Explorer

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Exploits demonstrating how to crash Firefox and Internet Explorer are currently circulating. In Firefox, it is sufficient to call a specific 'chrome URL'. [ticker:uk_61652 Chrome-URLs] are pseudo URLs which, in Firefox, can be used to run specific components in the browser's GUI with full access to local resources. They can be used, for example, to configure Firefox - the settings are simply mappings of the chrome URLs to XUL modules (User Interface Language). Known XUL modules include three which (are known to) cause a crash as soon as they are called:

chrome://pippki/content/editcacert.xul 	
chrome://pippki/content/editemailcert.xul
chrome://pippki/content/editsslcert.xul

However, exploiting this for a DoS attack is far from easy, as it is not possible to call chrome URLs embedded in web pages. An attacker would have to persuade a victim to copy and paste the above URLs into the Firefox address bar. Firefox 2.0 for Windows and Linux is affected.

By contrast, a DoS exploit for Internet Explorer 6 and 7 does work with prepared web pages. A JavaScript script uses a loop to fill up memory, so that the browser fails to react for a considerable time and becomes unusable. In some cases the browser may also crash. Firefox also fails to react for several minutes, depending on system memory. This kind of memory bomb is nothing new, but it illustrates a fundamental problem - how do you limit a recursion, iteration or an overlong loop to protect memory. Alan M. Turing first tackled the halting problem - whether a Turing machine will finish running or run forever - back in 1936, and found that there is no universal solution.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-732683
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit