Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: DoS attacks on email clients via protocol handlers
From: Eduardo Vela <sirdarckcat () gmail com>
Date: Sat, 12 Jun 2010 18:06:41 +0200

So that attack could allow
an attacker to annoy millions of people with email client popups when
they receive
an email/visit facebook.

it's important to note that the attack was in a redirection, so it's
asuming the website ensured that the starting URL was https?://

-- Eduardo

On Sat, Jun 12, 2010 at 6:00 PM, Eduardo Vela <sirdarckcat () gmail com> wrote:

Since I saw you mentioned
http://www.mozilla.org/security/announce/2010/mfsa2010-23.html I think
it would be important for you to know the difference between that
vulnerability and yours.

The reason that was fixed, was because it's generally considered safe
to embed images pointing off site, and is acceptable to consider it's
generally safe (with a few exceptions like referrer leaking, and basic
auth prompts), and a lot of websites, and online applications, like
gmail, or facebook to mention a few do it. So that attack could allow
an attacker to annoy millions of people with iframes when they receive
an email/visit facebook.

That was considered risky enough to make a fix, but still was
considered low risk.

All of your attacks with URI schemes are not exploitable this way, and
are completely useless for that matter, I would recommend you to think
"could this attack be exploited in mass? would it make people loss
money/time?" before making more of those advisories.


-- Eduardo

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]