mailing list archives
Re: browser document.cookie DoS vulnerability
From: cve-assign () mitre org
Date: Tue, 15 Oct 2013 11:29:05 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
I don't think web browser dos's are suppose to be CVE worthy.
A complete crash of a typical web browser is currently always eligible
for a CVE assignment from MITRE. This, of course, doesn't mean that a
Red Hat Security Advisory would necessarily be published for that
issue alone. It also doesn't mean that browser vendors actively
request CVE assignments for all such issues.
An example where a CVE assignment isn't made is a clean crash (no
memory corruption) of a single process associated with browsing a
single web site, i.e., a "tab crash" in some browsers. This might be
caused by a malicious web site that triggers a divide by zero. In that
situation, it's generally not possible for the crash to disrupt the
end user's ongoing work.
CVE assignment team, MITRE CVE Numbering Authority
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)
-----END PGP SIGNATURE-----