← Advisories

SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC

High

Advisory ID

ZSL-2008-4896

Release Date

08 September 2008

Vendor

Mozilla Foundation - http://www.seamonkey-project.org

Affected Version

1.1.11

CVE

N/A

Tested On

Microsoft Windows XP Professional SP2 (English)

Summary

Web-browser, advanced e-mail and newsgroup client, IRC chat client, and HTML editing made simple - all your Internet needs in one application.

Description

SeaMonkey suffers from a remote denial of service vulnerability (DoS), using a special html file with the <marquee> tag multiple times (>24). Successfully exploiting these issues allows remote attackers to cause the application to freeze, denying service to legitimate users.

Proof of Concept

seamonkey_dos.htmlTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://www.securityfocus.com/bid/31070

[2]http://www.packetstormsecurity.org/filedesc/seamonkey-dos.txt.html

[3]http://it.com.mk/index.php/Gjoko-Krstic/Sigurnost/SeaMonkey-1.1.11-Remote-Denial-of-Service-Exploit-PoC

Changelog

08.09.2008Initial release

09.09.2008Added reference [3]