https://cras.sh/
I tried the PoC in a VM, and it froze the entire VM! I had to force power off the VM.
Is it possible for an extension (maybe NoScript?) to mitigate this sort of thing?
CraSSh pure-CSS vulnerability
CraSSh pure-CSS vulnerability
*Always* check the changelogs BEFORE updating that important software!
-
Re: CraSSh pure-CSS vulnerability
Already fixed on the FF end, scheduled for FF 65, I believe.
PM: https://forum.palemoon.org/viewtopic.ph ... 20#p157120
PM: https://forum.palemoon.org/viewtopic.ph ... 20#p157120
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5
Re: CraSSh pure-CSS vulnerability
This bug? - https://bugzilla.mozilla.org/show_bug.cgi?id=1510862therube wrote:Already fixed on the FF end, scheduled for FF 65, I believe.
*Always* check the changelogs BEFORE updating that important software!
-
Re: CraSSh pure-CSS vulnerability
Yeah, that's the one I saw the other day.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5
- GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: CraSSh pure-CSS vulnerability
Tried it, didn't do anything for me, just crashed the tab it was on and that's it.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0