CVE-2008-4324

Firefox 3.0.2-3.0.3 - Denial of Service via Event Dispatcher Null Pointer Dereference


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4324. PoCs published by Aditya K Sood.

AI-analyzed exploit summary: This exploit triggers a null pointer dereference in Mozilla Firefox by dispatching multiple UI events, leading to a denial of service (DoS) crash. The PoC uses JavaScript to create and dispatch events in loops, causing an unhandled exception.

Description

The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Aditya K Sood · html · dos · windows
https://www.exploit-db.com/exploits/6614

Classification
Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Mozilla Firefox 3.0.3 (1.9.0 Branch)
No auth needed
Prerequisites: Victim must visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Various Sources x_refsource_misc
http://www.secniche.org/moz303.html
Exploit third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4321
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32040
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31476
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6614
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496807/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496846/100/0/threaded

Scores

EPSS 0.0892
EPSS Percentile 94.6%

Details

CWE: CWE-399
Status: published
Products (1): mozilla/firefox 3.0.3
Published: Sep 29, 2008
Tracked Since: Feb 18, 2026