Date: Thu, 12 Feb 2009 01:14:40 -0700
From: XiaShing@gmail.com
To: bugtraq@securityfocus.com
Subject: Denial of Service using Partial GET Request in Mozilla Firefox 3.06
X-Virus-Scanned: antivirus-gw at tyumen.ru
!vuln
Mozilla Firefox 3.06
Previous versions may also be affected.
!risk
Medium
There are currently many users using Mozilla Firefox.
However, there has been no confirmation of remote execution
of arbitrary code yet.
!info
Tested on:
Windows Vista Version Service Pack 1 Build 6001
Processor Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz,
2401 Mhz, 2 Core(s), 2 Logical Processor(s)
User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US;
rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
(.NET CLR 3.5.30729)
!discussion
The Partial GET Request (HTTP 206 Status Code) of a WAV file
results in a Denial of Service of the application.
Last HTTP packet from Firefox before the DoS is listed below
in RAW format:
GET /fpaudio/footprints_waves.wav HTTP/1.1
Accept: */*
User-Agent: NSPlayer/11.0.6001.7001 WMFSDK/11.0
UA-CPU: x86
Accept-Encoding: gzip, deflate
Range: bytes=34848-
Unless-Modified-Since: Mon, 09 Jul 2007 12:44:57 GMT
If-Range: "4f0018-440f2-434d403204440"
Host: www.footprints-inthe-sand.com
Connection: Keep-Alive
The OK GET Request (HTTP 200 Status Code) of the WAV file is
listed below in RAW format:
GET /fpaudio/footprints_waves.wav HTTP/1.1
Accept: */*
User-Agent: Windows-Media-Player/10.00.00.3802
UA-CPU: x86
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: www.footprints-inthe-sand.com
!Proof of Concept
http://www.footprints-inthe-sand.com/index.php?page=
Poem/Poem.php
!solution
There is currently no solution. The vendor has not yet been
notified.
!greetz
Greetz go out to the people who know me.
!author
Xia Shing Zee
