SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC
Title: SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC
Advisory ID: ZSL-2008-4896
Type: Local/Remote
Impact: DoS
Risk: (4/5)
Release Date: 08.09.2008
[2] http://www.packetstormsecurity.org/filedesc/seamonkey-dos.txt.html
[3] http://it.com.mk/index.php/Gjoko-Krstic/Sigurnost/SeaMonkey-1.1.11-Remote-Denial-of-Service-Exploit-PoC
[09.09.2008] - Added reference [3]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2008-4896
Type: Local/Remote
Impact: DoS
Risk: (4/5)
Release Date: 08.09.2008
Summary
Web-browser, advanced e-mail and newsgroup client, IRC chat client, and HTML editing made simple - all your Internet needs in one application.Description
SeaMonkey suffers from a remote denial of service vulnerability (DoS), using a special html file with the <marquee> tag multiple times (>24). Successfully exploiting these issues allows remote attackers to cause the application to freeze, denying service to legitimate users.Vendor
Mozilla Foundation - http://www.seamonkey-project.orgAffected Version
1.1.11Tested On
Microsoft Windows XP Professional SP2 (English)Vendor Status
N/APoC
seamonkey_dos.htmlCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://www.securityfocus.com/bid/31070[2] http://www.packetstormsecurity.org/filedesc/seamonkey-dos.txt.html
[3] http://it.com.mk/index.php/Gjoko-Krstic/Sigurnost/SeaMonkey-1.1.11-Remote-Denial-of-Service-Exploit-PoC
Changelog
[08.09.2008] - Initial release[09.09.2008] - Added reference [3]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk