Multiple Browsers DoS by evil javascript code.

Multiple Browsers DoS by Lostmon

Tested in windows with IE7,IE8,Mozilla Firefox,Avant browser,Flock Browser,Safari browser
Opera Browser aparently is not vulnerable
In all cases the browser become slow & unresponsive and aplication is hang,
resulting in a recoverable DoS issue. The code play with the document.href ,window.open.

i ofuscate the code to dificult others to look

XDDDDDD

Click button to begin the exploit !!!

Internet Explorer:

Aplicación que no responde: iexplore.exe, versión 8.0.6001.17184,
módulo que no responde hungapp, versión 0.0.0.0, dirección
que no responde 0x00000000.

In ie 8 i have surprised, because if we open the exploit localy from the desktop for example ...
and we allow the activex warnnig and allow popups , iexplorer opens a window with the content
of c:\ .

i have surprised because the url(location.href) relative in the exploit wen we open from desktop
is C:\documents and settings\YOUR_USER\desktop\browser_die.html
so why explorer opens a window with c:\ .. this is a incorrect location.href location....

Click button to begin the exploit !!!

Flock Browser:

Aplicación que no responde: flock.exe, versión 1.1.1.0,
módulo que no responde hungapp, versión 0.0.0.0, dirección
que no responde 0x00000000.

Mozilla Firefox:

Aplicación que no responde: firefox.exe, versión 1.8.20080.31114,
módulo que no responde hungapp, versión 0.0.0.0, dirección que
no responde 0x00000000.

Avant Browser:

Aplicación que no responde: avant.exe, versión 11.5.0.0,
módulo que no responde hungapp, versión 0.0.0.0,
dirección que no responde 0x00000000.

In avant browser if we have on the popups blocker the browser
become unresposive in a few seconds , if wen don´t have on,
the browser detect that this is a slow script, but become hang too.

Safari For windows:

In safari for windows ,if we have open a window with google for example,
and open the exploit in a new safari window with the exploit an click in the button,
safari opens a few popups , and aftter close all popups and close
too the first window what open with google :O

Click button to begin the exploit !!!

Atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente...