Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
Mozilla 0.9.6 is vulnerable to a denial-of-service (DoS) attack that can be triggered remotely. By getting the browser to load a web page with an excessive number of images, an attacker can exhaust the target's CPU and memory, leaving the browser unresponsive or crashing it. The impact is on availability: user access is disrupted, and critical services may be affected.
Step 1: Payload Delivery: The attacker crafts a malicious HTML webpage. This webpage contains a large number of image tags (e.g., <img src="image.jpg">).
Step 2: User Interaction: The victim, using Mozilla 0.9.6, navigates to or is tricked into visiting the malicious webpage.
Step 3: Image Loading: The browser begins to load and process each image specified in the HTML. Due to the large number of images, this process consumes a significant amount of CPU and memory.
Step 4: Resource Exhaustion: The browser's resources are progressively depleted. The memory leak exacerbates the problem, as allocated memory is not properly released.
Step 5: Denial of Service: The browser becomes unresponsive, freezes, or crashes due to the exhaustion of CPU and memory, effectively denying service to the user.
The vulnerability stems from inefficient resource management in Mozilla 0.9.6 when a page contains a large number of images. The browser does not limit the resources allocated to image processing, which leads to excessive CPU consumption and a memory leak. The rendering engine likely attempts to load and process all images simultaneously without throttling or garbage collection, allocating significant memory for each image until available resources are exhausted. With no error handling or resource limits to stop it, the condition continues unchecked and ends in a DoS. The root cause is likely in the image loading and rendering code, where the number of images is not validated or controlled.
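A defensive check that follows from the missing limit described above, as an added example that is not part of the original advisory or of Mozilla's code: a gateway-side scanner counts image-loading tags and stops reading as soon as a budget is exceeded, so the scanner itself does no unbounded work. The names `scan`, `ImageBudget` and `LimitExceeded` and the `MAX_IMAGES` value are assumptions; the advisory states no threshold.

```python
from html.parser import HTMLParser

MAX_IMAGES = 500  # assumed policy threshold; the advisory states no number


class LimitExceeded(Exception):
    """Raised to stop parsing as soon as the image budget is spent."""


class ImageBudget(HTMLParser):
    """Counts tags that make a browser fetch and decode an image."""

    def __init__(self, limit):
        super().__init__()
        self.limit = limit
        self.images = 0
        self.sources = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser lowercases tag and attribute names
        is_image_input = tag == "input" and (attrs.get("type") or "").lower() == "image"
        if tag != "img" and not is_image_input:
            return
        self.images += 1
        if attrs.get("src"):
            self.sources.add(attrs["src"].strip())
        if self.images > self.limit:
            raise LimitExceeded


def scan(chunks, limit=MAX_IMAGES):
    """Feed HTML chunk by chunk; stop reading once the limit is crossed."""
    parser = ImageBudget(limit)
    consumed = 0
    over = False
    try:
        for chunk in chunks:
            consumed += 1
            parser.feed(chunk)
        parser.close()
    except LimitExceeded:
        over = True
    return {"images": parser.images, "distinct_sources": len(parser.sources),
            "over_limit": over, "chunks_read": consumed}


# Constructed sample input: two tiny pages, meant to be checked with limit=5.
SMALL = ['<html><body><img src="a.png">', '<IMG SRC="b.png"></body></html>']
BUSY = ['<img src="image.jpg">' * 4, '<img src="image.jpg">' * 4, "<p>never parsed</p>"]
```

`scan(BUSY, limit=5)` stops on the sixth image tag and never reads the third chunk; the low `distinct_sources` count shows that the same image referenced repeatedly still counts against the budget.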