Firebug 2.0.16 - Regular Expression DoS #8012

Closed
arturczyz opened this Issue Apr 19, 2016 · 2 comments

arturczyz commented Apr 19, 2016

Firebug 2.0.16 - Regular Expression DoS / Infinite Loop Vulnerability

---------------------------------------------
I. DESCRIPTION
---------------------------------------------

Regular Expression DoS vulnerability in Firebug 2.0.16 allows remote attackers to crash the Firebug plugin.

---------------------------------------------
II. LOCATION OF VULNERABILITY
---------------------------------------------

Path: /firebug/content/lib/url.js
Line: 450

---------------------------------------------
III. PROOF OF CONCEPT
---------------------------------------------

Tested on:
Mozilla Firefox 45.0.1 with Firebug 2.0.16

Example URL with an evil payload that exploits the vulnerability and, as a result, crashes the Firebug plugin.

Payload: test//;../../../test

Option I:

  1. Open URL: http://example.domain/?falsevariable=test;//;../../../test
  2. Load Firebug plugin.

Option II:

  1. Open Firebug plugin.
  2. Open URL: http://example.domain/?falsevariable=test;//;../../../test

Explanation:
The payload works on any domain (example.domain is only an example); we only need to put the payload in the value of any variable.

---------------------------------------------
IV. REFERENCES
---------------------------------------------


Discovered by: Artur Czyz

simonlindholm Apr 19, 2016

Member

It's not an evil regex as much as an infinite loop... and I'm not actually sure what the purpose of the loop is, either. #8013 should be a safe fix. Not that this is very critical (a page could also just detect Firebug and then do an infinite loop, with much the same effect).

janodvarko Apr 19, 2016

Member

@arturczyz thanks for the report!

The fix will be included in Firebug 2.0.17

Honza
