1. General information
In early March, a piece of PHP code that causes Firefox to crash was distributed on the Internet. When users visit a website containing this code with Firefox, the current browser session shuts down immediately and Firefox has to be restarted. This vulnerability may cause some trouble but does not have much effect on users' security.
| Release Date | Affected software | Severity |
|---|---|---|
| March 01, 2010 | Mozilla Firefox version 3.5, 3.6 | Normal |
2. Technical details
The marquee tag is a non-standard HTML tag that makes the displayed HTML content scroll left, right, up or down automatically. Firefox does not process this tag with its normal tag-processing module but with the xul module.
Specifically, while processing a marquee tag, the xul module calls a recursive function that returns only when it encounters the </marquee> closing tag. Because the maximum number of marquee tag pairs is not limited, the recursive calls consume too much stack memory. When the number of marquee tag pairs is high enough to occupy all of the stack memory, the program (Firefox) crashes, ending the session.
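The defensive counterpart of the recursion described above, as an added example that is not Firefox's code: a recursive walker that still returns on the closing tag but checks its depth before each recursive call. The names `walk`, `marquee_depth` and the `limit` parameter are assumptions made for illustration, and tag matching is a simplified prefix comparison.

```c
#include <stddef.h>
#include <stdio.h>
#include <strings.h>   /* strncasecmp (POSIX) */

enum { TOO_DEEP = -1, UNBALANCED = -2 };
static const char OPEN_TAG[]  = "<marquee";
static const char CLOSE_TAG[] = "</marquee>";

/* Walks one marquee element from *pos and returns on its closing tag, but
 * refuses to recurse past `limit`, so depth cannot exhaust the stack. */
static int walk(const char *html, size_t *pos, int depth, int limit, int *deepest)
{
    if (depth > limit)
        return TOO_DEEP;
    if (depth > *deepest)
        *deepest = depth;
    while (html[*pos] != '\0') {
        if (strncasecmp(html + *pos, CLOSE_TAG, sizeof CLOSE_TAG - 1) == 0) {
            *pos += sizeof CLOSE_TAG - 1;
            if (depth > 0)
                return 0;          /* matching close: unwind one level */
            continue;              /* stray close at top level: ignore */
        }
        if (strncasecmp(html + *pos, OPEN_TAG, sizeof OPEN_TAG - 1) == 0) {
            *pos += sizeof OPEN_TAG - 1;
            int rc = walk(html, pos, depth + 1, limit, deepest);
            if (rc != 0)
                return rc;         /* propagate the error, stop descending */
            continue;
        }
        (*pos)++;
    }
    return depth == 0 ? 0 : UNBALANCED;   /* input ended inside an element */
}

/* Returns the deepest marquee nesting found, or TOO_DEEP / UNBALANCED. */
int marquee_depth(const char *html, int limit)
{
    size_t pos = 0;
    int deepest = 0;
    int rc = walk(html, &pos, 0, limit, &deepest);
    return rc != 0 ? rc : deepest;
}

int main(void)
{   /* constructed sample input */
    printf("%d\n", marquee_depth("<marquee>a<marquee>b</marquee></marquee>", 4));
    return 0;
}
```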
By exploiting this vulnerability, a hacker may create websites containing the malicious code and lure users into visiting them. Visiting these websites would then cause a lot of trouble for users.
3. Solution
Mozilla has not released any patch for this vulnerability. To check for the latest Firefox patches, click "Help" on the menu bar, then choose "Check for Updates".
Analyst: Mai Xuan Cuong