Mozilla Firefox HTML marquee tag denial of service
firefox-marquee-dos (26898)
Description:
Mozilla Firefox is vulnerable to a denial of service caused by improper handling of specially-crafted HTML marquee tags. A remote attacker could exploit this vulnerability using a malicious Web page to consume all available CPU resources on a victim's system, once the page is loaded.
Note: It has also been reported that this vulnerability affects other Web browsers, including Opera, Flock and Internet Explorer.
Consequences:
Denial of Service
Remedy:
No remedy available as of May 1, 2013.
References:
- BugTraq Mailing List, Thu Jun 08 2006 - 05:06:08 CDT: Ie opera dos exploit.
- BugTraq Mailing List, Thu Jun 22 2006 - 19:27:07 CDT: flock d0s exploit remote. beta 1 (v0.7).
- BugTraq Mailing List, Tue May 30 2006 - 07:03:36 CDT: Fire fox dos exploit.
- BugTraq Mailing List, Wed May 31 2006 - 08:59:24 CDT: Re: Fire fox dos exploit.
- BugTraq Mailing List, Wed May 31 2006 - 12:28:24 CDT: Re: Fire fox dos exploit.
- BugTraq Mailing List, Wed May 31 2006 - 13:29:54 CDT: Re: Re: Fire fox dos exploit.
- BugTraq Mailing List, Wed May 31 2006 - 15:14:41 CDT: Re: Fire fox dos exploit.
- Flock Web site: Flock - The web browser for you and your friends.
- Mozilla Bugzilla Bug 239840: hang when many dl and marquee tags are used. exponential time increase depending on number of dl tags...
- BID-18165: Multiple Browser Marquee Denial of Service Vulnerability
- CVE-2006-2723: Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.
- CVE-2006-6954: Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
- CVE-2006-6955: Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
- CVE-2006-6956: Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
- OSVDB ID: 27208: Mozilla Firefox Nested marquee Tag Handling DoS
- OSVDB ID: 58816: Flock Browser Nested marquee Tag Handling DoS
- OSVDB ID: 58817: Microsoft IE Nested marquee Tag Handling DoS
- OSVDB ID: 58818: Opera Nested marquee Tag Handling DoS
- OSVDB ID: 64160: Opera Content Writing Uninitialized Memory Corruption
Platforms Affected:
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Mozilla Firefox 1.0.8
- Mozilla Firefox 1.5.0.3
- Mozilla Firefox 1.5.0.4
- Mozilla Firefox 2.0.0.3
- Opera Opera Browser
Reported:
May 30, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@us.ibm.com
