Safari 4.0.5 & Firefox 3.6.3 – Various Stuff

Well well, apparently, we've yet again, discovered a few vulnerabilities.

This exploit (?) puts Opera 10.53, and Microsoft Internet Explorer 8 in a DoS condition.
However, that's pretty lame. I mean, a simple javascript:while(1){alert(1)} does the trick for that...

The cool point of this is, Apple's Safari 4.0.5 causes an access violation exception,
which means it tries to overwrite protected memory, which is pretty bad, doesn't take a genius to figure that out.
And guess what! The flaw, is yet again in the JavaScriptCore.dll which Safari seem to rely heavily upon.

Hm, what else...
Oh yeah!

Firefox 3.6.3 causes an exception which seem to be handled... But you never know!
The firefox process eats all the "virtual" RAM available by the process (2 gig on Windows platforms), and then it simply dies.
It all ends up with a cozy Mozilla error-dialog window thrown against you.

The script can be found here.

...And that's about it!

Ciao Bella.

Fredrik Nordberg Almroth

Hey, I'm Fredrik. I'm from Sweden, born 1990, and I got a huge interest for information technology and information security. So far, I've been studying for three years at the Internation IT College of Sweden and one year at the Royal Institute of Technology (Kista, Sweden). I'm one of the Co-Founders of Detectify. I'm working closely together with the swedish firm Young & Skilled. ...Not to forget, I'm the previous founder of Arctic Security. If you wish to contact me, please email me at h@ackack.net or follow me on twitter @Almroot.

10 Comments

1. 14/05/2010 @ 14:31

   Tweets that mention Safari 4.0.5 & Firefox 3.6.3 – Various Stuff -- Topsy.com says:

   [...] This post was mentioned on Twitter by AckAck, AckAck. AckAck said: New Post: Safari 4.0.5 & Firefox 3.6.3 - Various Stuff ( http://cli.gs/4h3V7 ): Well well, apparently, we've y... [...]

2. 14/05/2010 @ 15:24

   Mozilla details Firefox 4 specs « Free Software Download says:

   [...] Safari 4.0.5 & Firefox 3.6.3 – Various Stuff [...]

3. 14/05/2010 @ 17:50

   Nick Clegg’s negotiation notes caught on camera :Streets Of Dublin Project says:

   [...] Safari 4.0.5 & Firefox 3.6.3 – Various Stuff [...]

4. 

   15/05/2010 @ 03:36

   forex robot says:

   My cousin recommended this blog and she was totally right keep up the fantastic work!

5. 

   16/05/2010 @ 16:01

   Rem0ve says:

   Hello Bella,
   i analysed ur droped issue & found out its just a apphang.

   Version=1
   EventType=AppHangB1
   EventTime=129184944751002553
   ReportType=3
   Consent=1
   UploadTime=129184944870663343
   ReportIdentifier=13cdcf8b-60f9-11df-aeb8-f058f4e2ccda
   IntegratorReportIdentifier=13cdcf8c-60f9-11df-aeb8-f058f4e2ccda
   WOW64=1
   Response.BucketId=1074083309
   Response.BucketTable=5
   Response.type=4
   Sig[0].Name=Anwendungsname
   Sig[0].Value=firefox.exe
   Sig[1].Name=Anwendungsversion
   Sig[1].Value=1.9.2.3743
   Sig[2].Name=Anwendungszeitstempel
   Sig[2].Value=4bb4be02
   Sig[3].Name=Absturzsignatur
   Sig[3].Value=3b3b
   Sig[4].Name=Absturztyp
   Sig[4].Value=0
   DynamicSig[1].Name=Betriebsystemversion
   DynamicSig[1].Value=6.1.7600.2.0.0.768.3
   DynamicSig[2].Name=Gebietsschema-ID
   DynamicSig[2].Value=1031
   DynamicSig[22].Name=Zusätzliche Absturzsignatur 1
   DynamicSig[22].Value=3b3bac43efcd369de70b2203ab711d03
   DynamicSig[23].Name=Zusätzliche Absturzsignatur 2
   DynamicSig[23].Value=7f88
   DynamicSig[24].Name=Zusätzliche Absturzsignatur 3
   DynamicSig[24].Value=7f88ac99fde4932923d66125b2e4efa3
   DynamicSig[25].Name=Zusätzliche Absturzsignatur 4
   DynamicSig[25].Value=3b3b
   DynamicSig[26].Name=Zusätzliche Absturzsignatur 5
   DynamicSig[26].Value=3b3bac43efcd369de70b2203ab711d03
   DynamicSig[27].Name=Zusätzliche Absturzsignatur 6
   DynamicSig[27].Value=7f88
   DynamicSig[28].Name=Zusätzliche Absturzsignatur 7
   DynamicSig[28].Value=7f88ac99fde4932923d66125b2e4efa3
   UI[3]=Firefox reagiert nicht
   UI[4]=Wenn Sie das Programm schließen, gehen möglicherweise Informationen verloren.
   UI[5]=Programm schließen
   UI[6]=Programm schließen
   UI[7]=Programm schließen
   --
   State[0].Key=Transport.DoneStage1
   State[0].Value=1
   FriendlyEventName=Beendet und geschlossen.
   ConsentKey=AppHangXProcB1
   AppName=Firefox
   AppPath=C:\Users\Rem0ve\Desktop\Cuts\Browser\FirefoxPortable\App\Firefox\firefox.exe
   ReportDescription=Aufgrund eines Problems kann dieses Programm nicht mehr mit Windows kommunizieren.

6. 

   16/05/2010 @ 17:23

   Fredrik Nordberg Almroth says:

   @Rem0ve: Woah! Thanks for the input! Yet another DoS condition then Still an access violation in Safari though!

7. 

   17/05/2010 @ 07:18

   Black says:

   For some reason, I was also able to reproduce this result on my work laptop. It runs a Microsoft Internet Explorer 8!

8. 

   17/05/2010 @ 16:12

   Fredrik Nordberg Almroth says:

   What kind of exception? O.o
   I thought I tried all of them
   Mind to share the error report?

9. 17/05/2010 @ 19:29

   Tweets that mention Safari 4.0.5 & Firefox 3.6.3 – Various Stuff -- Topsy.com says:

   [...] This post was mentioned on Twitter by Sam Hunt. Sam Hunt said: News Update: Safari 4.0.5 & Firefox 3.6.3 – Various Stuff http://ow.ly/17p2TP [...]

10. 

    18/05/2010 @ 03:20

    veterinary technician says:

    Keep posting stuff like this i really like it