Palm Pre WebOS versions <=1.1 suffer from a floating point exception crash when attempting to view a specially crafted web page. This vulnerability has been addressed in the latest patch from Palm, and all users are advised to update to WebOS version 1.2+.
II. Impact
If a user is sent to a malicious web page that contains specially crafted data, a floating point error crashes the "LunaSysMgr" process and forces the phone to restart the process, simulating a reboot of the system. At the time of the discovery, the greatest risk to the system was a crash/denial of service.
The crash does not occur when viewing the malicious web page while in landscape mode.
III. Proof of Concept
Palm Pre WebOS will crash upon opening a web page that contains 50,280 bytes of data and then attempts to refresh the page.
The following code will trigger the crash:
<meta http-equiv="refresh" content="1">AAAAA...
using 50280 or more characters after the refresh.
IV. About
This vulnerability was discovered by Townsend Ladd Harris.
Vulnerability details will be posted to http://tlhsecurity.blogspot.com/ upon release of a patch.
