Establishing Digital Trust: Don't Sacrifice Security for Convenience
Whitedust Security has publicly posted proof of concept exploit code as well as simple test link here to prove its assertion.
The bug that the exploit code triggers is not unknown to Mozilla. Since August, it has been listed on Bugzilla, Mozilla's bug tracking system.,
Bugzilla Bug 303433 was originally reported by Tom Ferris of security-protocols.com and has the title of ''Firefox 1.0.6 segfaults on this malformed .html page''.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i Security firm Secunia posted an advisory on the bug on October 10th, and gave the ''Mozilla Firefox Iframe Size Denial of Service Weakness'', bug a rating of ''non-critical''.
The bug apparently affects the current version of Firefox 1.0.7 and below. The Beta 2 release of FireFox 1.5 has fixed the bug in question.