Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | 0.8 (including) | 0.8 (including) |
| Firefox | Mozilla | 0.9 (including) | 0.9 (including) |
| Firefox | Mozilla | 0.9-rc (including) | 0.9-rc (including) |
| Firefox | Mozilla | 0.9.1 (including) | 0.9.1 (including) |
| Firefox | Mozilla | 0.9.2 (including) | 0.9.2 (including) |
| Firefox | Mozilla | 0.9.3 (including) | 0.9.3 (including) |
| Firefox | Mozilla | 0.10 (including) | 0.10 (including) |
| Firefox | Mozilla | 0.10.1 (including) | 0.10.1 (including) |
| Firefox | Mozilla | preview_release (including) | preview_release (including) |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029434.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029491.html
- http://www.securityfocus.com/bid/11752
- http://www.securityfocus.com/bid/11760
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18282
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029434.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029491.html
- http://www.securityfocus.com/bid/11752
- http://www.securityfocus.com/bid/11760
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18282