Firefox Vulnerable to Denial of Service Attacks

The Mozilla Firefox Web browser is vulnerable to Denial of Service (DoS) attacks, which can occur because of malformed HTML tags or specific coding of IFRAME tags. The first DoS condition occurs when a "link" tag for a stylesheet contains an undefined path. The second DoS condition, which affects both Firefox and Thunderbird, occurs when "strong" tags and "sourcetext" tags are mismatched. The third DoS condition occurs when an IFRAME tag contains an excessively large width parameter.

The problems affect Firefox 1.0.7 and earlier versions of the browser, and possibly Mozilla and Netscape because both of those browsers share some of the same source code as Firefox. Mozilla Foundation reported that the IFRAME vulnerability is fixed in Firefox 1.5 Beta 2, however the status of fixes for the other vulnerabilities is unknown. The status of a fix for Thunderbird is also unknown at this time.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.