Full Disclosure mailing list archives

Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
From: "MustLive" <mustlive () websecurity com ua>
Date: Thu, 3 Jun 2010 14:50:45 +0300

Hello Manuel!

Does this vulnerability have a CVE number or Bugtrack ID?

I wrote to Bugtraq and Full-Disclosure, so if CVE or any other bugtracks
decide to, they'll give their IDs to these vulnerabilities (I posted three
advisories about attacks via 5 protocols), which belong to the group of DoS
via protocol handlers. For example, there is a SecurityVulns ID for them:
10851 (http://securityvulns.com/news/Browsers/mailto.html).

But note the following, which I explained in detail on Bugtraq
(http://www.securityfocus.com/archive/1/511364/30/0/threaded) in a
conversation with Susan Bradley, which John Smith and Vladimir Dubrovin
later joined: all browser vendors in most cases don't care about DoS holes
and mostly don't fix them.

And as I wrote in a continuation of the previous discussion
(http://www.securityfocus.com/archive/1/511570), all browser vendors don't
count DoS as vulnerabilities; they call them "stability issues" and so
don't attend to them seriously (not fixing them or fixing them slowly). For
this reason they may not make their own security advisories, and so there
will be no CVE number or Bugtrack ID granted to these issues (in this case
they can be granted only if MITRE and others decide to give their IDs
without looking at browser vendors).

Also take into account that for the "Image src redirect to mailto: URL"
vulnerability, Mozilla released their security advisory MFSA 2010-23
(http://www.mozilla.org/security/announce/2010/mfsa2010-23.html) and there
was CVE-2010-0181 for it. So it's possible that they will decide to make
such ones for this vulnerability with iframes and different protocols.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: Manuel Moreno Leiva
To: MustLive
Cc: full-disclosure () lists grok org uk
Sent: Wednesday, June 02, 2010 11:45 PM
Subject: Re: [Full-disclosure] DoS vulnerabilities in Firefox, Internet
Explorer, Chrome and Opera


Does this vulnerability have a CVE number or Bugtrack ID?
I can't find any official information about this!

Regards

Manuel Moreno
Insecure


2010/5/28 MustLive <mustlive () websecurity com ua>

Hello Full-Disclosure!

I want to warn you about security vulnerabilities in different browsers.

-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4238/

-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
8, Google Chrome, Opera.
-----------------------------
Timeline:

26.05.2010 - found vulnerabilities.
26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
27.05.2010 - disclosed at my site.
-----------------------------
Details:

After publication of previous vulnerabilities in different browsers, I
continued my research and found many new vulnerabilities in browsers,
which I called by the general name DoS via protocol handlers, to which the
previous DoS attack via mailto handler also belongs.

Now I'm informing about DoS in different browsers via the protocols news
and nntp. These Denial of Service vulnerabilities belong to the types
(http://websecurity.com.ua/2550/) blocking DoS and resources consumption
DoS. These attacks can be conducted both with JS and without it (via
creating a page with a large quantity of iframes).


DoS:

http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html

This exploit for news protocol works in Mozilla Firefox 3.0.19 (and besides
previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
(6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome
1.0.154.48 and Opera 9.52.

In all mentioned browsers, blocking and overloading of the system occurs
from the starting of Opera, which appeared as the news-client on my
computer, and IE8 crashes (on a computer without Opera). And in Opera the
attack goes without blocking, only resources consumption (more slowly than
in other browsers).


http://websecurity.com.ua/uploads/2010/Firefox,%20IE%20&%20Opera%20DoS%20Exploit.html

This exploit for nntp protocol works in Mozilla Firefox 3.0.19 (and besides
previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
(6.0.2900.2180) and Opera 9.52.

In all mentioned browsers, blocking and overloading of the system occurs
from the starting of Opera, which appeared as the nntp-client on my
computer. In IE8 the attack didn't work - possibly because on that computer
there was no nntp-client, Opera in particular. And in Opera the attack goes
without blocking, only resources consumption (more slowly than in other
browsers).


Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
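
A defensive check for the pattern the advisory describes (a page with many auto-loading elements whose src points at a news:, nntp: or mailto: URL), as an added example that is not part of the original thread. The tag list, the threshold of 10 and the sample markup are assumptions constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Schemes named in this thread; extend to the handlers registered on your hosts.
HANDLER_SCHEMES = {"mailto", "news", "nntp"}
# Elements whose src is loaded without any user interaction (assumed list).
AUTOLOAD_TAGS = {"iframe", "frame", "img", "embed"}


class HandlerEmbedCounter(HTMLParser):
    """Counts auto-loading elements whose src uses an external protocol handler."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = Counter()

    def handle_starttag(self, tag, attrs):
        if tag not in AUTOLOAD_TAGS:
            return  # <a href="mailto:..."> needs a click, so it is not counted
        src = dict(attrs).get("src") or ""
        # urlsplit lowercases the scheme, so NEWS: and news: match alike.
        scheme = urlsplit(src.strip()).scheme
        if scheme in HANDLER_SCHEMES:
            self.hits[(tag, scheme)] += 1


def scan(html, threshold=10):
    """Return per-(tag, scheme) counts and whether the page crosses the threshold.

    Static markup only: elements created by script or reached through a
    server-side redirect are not visible to this check.
    """
    parser = HandlerEmbedCounter()
    parser.feed(html)
    parser.close()
    total = sum(parser.hits.values())
    return {"hits": dict(parser.hits), "total": total, "flagged": total >= threshold}


# Constructed sample input (not taken from the advisory's linked pages).
SAMPLE = (
    '<a href="mailto:user@example.com">contact</a>'
    + '<iframe src="news:example.group"></iframe>' * 12
    + '<img src="NNTP://news.example/example.group">'
    + '<iframe src="https://example.com/"></iframe>'
)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The same function can be run over cached proxy responses or mail attachments; a lower threshold is reasonable where no page should auto-load handler URLs at all.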
