CraSSh pure-CSS vulnerability

General discussion about web technology.
Post Reply
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

CraSSh pure-CSS vulnerability

Post by barbaz »

https://cras.sh/

I tried the PoC in a VM, and it froze the entire VM! :o I had to force power off the VM.

Is it possible for an extension (maybe NoScript?) to mitigate this sort of thing?
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: CraSSh pure-CSS vulnerability

Post by therube »

Already fixed on the FF end, scheduled for FF 65, I believe.

PM: https://forum.palemoon.org/viewtopic.ph ... 20#p157120
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: CraSSh pure-CSS vulnerability

Post by barbaz »

therube wrote:Already fixed on the FF end, scheduled for FF 65, I believe.
This bug? - https://bugzilla.mozilla.org/show_bug.cgi?id=1510862
*Always* check the changelogs BEFORE updating that important software!
-
User avatar
therube
Ambassador
Posts: 7924
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: CraSSh pure-CSS vulnerability

Post by therube »

Yeah, that's the one I saw the other day.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5
User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: CraSSh pure-CSS vulnerability

Post by GµårÐïåñ »

Tried it, didn't do anything for me, just crashed the tab it was on and that's it.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Post Reply