Firebug 2.0.16 - Regular Expression DoS #8012
3 participants
|
It's not an evil regex as much as an infinite loop... and I'm not actually sure what the purpose of the loop is, either. #8013 should be a safe fix. Not that this is very critical (a page could also just detect Firebug and then do an infinite loop, with much the same effect). |
|
@arturczyz thanks for the report! The fix will be included in Firebug 2.0.17 Honza |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Firebug 2.0.16 - Regular Expression DoS / Infinite Loop Vulnerability
---------------------------------------------
I. DESCRIPTION
---------------------------------------------
Regular Expression DoS vulnerability in Firebug 2.0.16 allows remote attackers to crash Firebug plugin.
---------------------------------------------
II. LOCATION OF VULNERABILITY
---------------------------------------------
Path: /firebug/content/lib/url.js
Line: 450
---------------------------------------------
III. PROOF OF CONCEPT
---------------------------------------------
Tested on:
Mozilla Firefox 45.0.1 with Firebug 2.0.16
Example URL with Evil Payload which exploits vulnerability and in result will crash Firebug plugin.
Payload: test//;../../../test
Option I:
Option II:
Explanation:
Payload works in any domain (example.domain is only example), we only need to put payload in value of any variable.
---------------------------------------------
IV. REFERENCES
---------------------------------------------
Discovered by: Artur Czyz