CVE-2006-2723

Firefox - Denial of Service via Nested Marquee Tags

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2723. PoCs published by n00b.

AI-analyzed exploit summary This exploit leverages a Denial of Service (DoS) vulnerability in Internet Explorer by using nested marquee tags to crash the browser. The excessive nesting causes a stack overflow, leading to a crash.

Description

Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.

Exploits (1)

exploitdb WORKING POC VERIFIED

by n00b · htmldosmultiple

https://www.exploit-db.com/exploits/1867

View Code ZIP pw:eip

This exploit leverages a Denial of Service (DoS) vulnerability in Internet Explorer by using nested marquee tags to crash the browser. The excessive nesting causes a stack overflow, leading to a crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions prior to patch for CVE-2006-2723)

No auth needed

Prerequisites: Victim must open the malicious HTML file in a vulnerable version of Internet Explorer

MITRE ATT&CK