[Full-disclosure] Follow up browser DoS

J. Oquendo sil at infiltrated.net
Tue Apr 17 20:24:02 BST 2007 

Comments on Firefox 2.0.3 ... Mines hangs then regains its composure after
about 2 solid minutes of being stuck in hell.


Did nothing to Opera on Windows, OpenBSD or Linux...

Seemed to also toast out Firefox on FC5. Caused system to respond horribly.

[root at linuxbox ~]# yum update firefox
Loading "installonlyn" plugin
Setting up Update Process
Setting up repositories
core                                                                 [1/3]

.....

--> Populating transaction set with selected packages. Please wait.
---> Downloading header for firefox to pack into transaction set.
firefox-1.5.0.10-1.fc5.i3 100% |=========================|  82 kB    00:00
---> Package firefox.i386 0:1.5.0.10-1.fc5 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 firefox                 i386       1.5.0.10-1.fc5   updates            18 M

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       1 Package(s)
Remove       0 Package(s)
Total download size: 18 M
Is this ok [y/N]: y
Downloading Packages:
(1/1): firefox-1.5.0.10-1 100% |=========================|  18 MB    01:27
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : firefox                      ######################### [1/2]
  Cleanup   : firefox                      ######################### [2/2]

Updated: firefox.i386 0:1.5.0.10-1.fc5
Complete!

Copied and pasted top information ... Took me 3 minutes to actually copy
and paste the information...

Tasks: 118 total,   1 running, 116 sleeping,   0 stopped,   1 zombie
Cpu(s): 73.7% us, 25.3% sy,  0.0% ni,  0.0% id,  0.0% wa,  1.0% hi,  0.0% si
Mem:   1034412k total,  1019464k used,    14948k free,     1600k buffers
Swap:  2031608k total,   317436k used,  1714172k free,    41184k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
27474 root      18   0 1178m 838m  17m D  1.0 83.0   0:21.43 firefox-bin


[root at linuxbox ~]# killall -9 firefox-bin
firefox-bin: no process killed
[root at linuxbox ~]# killall -9 firefox-bin
[root at linuxbox ~]#

Killed it once... Nope... System didn't even acknowledge it. Stood running for
a few seconds till I killall -9'd it again. Damn you firefox!



-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5157 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070417/acfe7dd7/attachment.bin

Full-Disclosure is hosted and sponsored by Secunia.