Technically Speaking

A newly discovered bug in the implementation of Javascript allows attackers to utilize the “Infinite Array Sort Denial Of Service Vulnerability”. The exploit can target not only Internet Explorer, but virtually all known browsers that read Javascript; Mozilla Browser, Mozilla Firefox, Opera and Apple Safari.

The bug has been called the Infinite Array Sort Denial Of Service Vulnerability and causes the affected browsers to execute an infinite JavaScript array sort. That operation in turn effectively causes a DoS on the browser in question and causes it to crash by exhausting stack memory.

At present there are no confirmed exploits in the wild that expand the vulnerability to execute malicious code, though that may only be a matter of time.

Quote Source

The bug has been reported to the various browser distributors but as of yet, there are no patches for the flaw.

This entry was posted on Wednesday, December 1st, 2004 at 7:33 am and is filed under Digital Underground, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.