lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: kang at insecure.ws (kang@...ecure.ws)
Subject: safari dos

Original is here: http://www.insecure.ws/article.php?story=20031122012748282


Safari will never exit a loop in javascript. Since javascript isn't 
executed in a thread, this cause a DoS (Safari crashes).
Firebird has been tested and is not vulnerable. I don't know about other 
browers on MacOSX, but they are probably not vulnerable. (OmniWeb?)

/As usual, read more for exploit/explanation/

----------

|Adv: safari_0x02
Release Date: 22/11/03
Affected Products: Safari =< 1.1.1
Impact: Denial of Service
Severity: Remote, low
Author: kang, kang@...ecure.ws
|

A very simple javascript block like this one:

while (true)
{ document.location "sherlock://com.apple.movies?" }




is enought to lock up Safari, effectivly DoSing it.
Notice that you must call a protocol helper in the loop, here I'm 
calling Sherlock. Otherwise, the loop is aborted and Safari functions 
normally.
There is no fix available yet. Vendor has been informed.


Powered by blists - more mailing lists