Page 1 of 1
CraSSh pure-CSS vulnerability
Posted: Wed Dec 05, 2018 10:15 pm
by barbaz
https://cras.sh/
I tried the PoC in a VM, and it froze the entire VM!
I had to force power off the VM.
Is it possible for an extension (maybe NoScript?) to mitigate this sort of thing?
Re: CraSSh pure-CSS vulnerability
Posted: Thu Dec 06, 2018 1:03 am
by therube
Already fixed on the FF end, scheduled for FF 65, I believe.
PM:
https://forum.palemoon.org/viewtopic.ph ... 20#p157120
Re: CraSSh pure-CSS vulnerability
Posted: Thu Dec 06, 2018 1:41 am
by barbaz
therube wrote:Already fixed on the FF end, scheduled for FF 65, I believe.
This bug? -
https://bugzilla.mozilla.org/show_bug.cgi?id=1510862
Re: CraSSh pure-CSS vulnerability
Posted: Thu Dec 06, 2018 3:36 am
by therube
Yeah, that's the one I saw the other day.
Re: CraSSh pure-CSS vulnerability
Posted: Thu Dec 06, 2018 3:57 am
by GµårÐïåñ
Tried it, didn't do anything for me, just crashed the tab it was on and that's it.