| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Mar 2009 23:41:53 -0500 From: "Valdis' Mustache" <security.mustache@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Apple Safari ... DoS Vulnerability I would like to point out that I have been able to create a "hung" state in the Firefox browser by opening 30 simultaneous tabs pointed at http://www.welcometointernet.org/lawnmower/ and adding a 31st tab viewing http://www.hotrussianbrides.com. Also, I am not amused. Your humble servant, Ze Mustache von Kletnieks On Mon, Mar 2, 2009 at 10:29 PM, <bobby.mugabe@...hmail.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dear Nick, > > You and Thierry Loller are wrong. > > - -bm > > On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald <nick@...us- > l.demon.co.uk> wrote: >>Chris Evans to Thierry Zoller: >> >>> > Example >>> > If a chrome tab can be crashed arbritarely (remotely) it is a >>DoS attack >>> > but with ridiculy low impact to the end-user as it only >>crashes the tab >>> > it was subjected to, and not the whole browser or operation >>system. >>> > But the fact remains that this was the impact of a DoS >>condition, >>> > the tab crashes arbritarily. >>> >>> Eh? If you visit www.evil.com and your tab crashes, that's no >>> different from www.evil.com closing its own tab with Javascript. >> >>But what if www.evil.com has run an injection attack of some kind >>(SQL, >>XSS in blog comments, etc, etc) against www.stupid.com? >> >>Visitors to stupid.com then suffer a DoS... >> >>Yes, stupid.com should run their site better, fix their myriad XSS >>holes, >>etc, etc. >> >>But this is the Internet, so this "software flaw" can be leveraged >>as >>security vulnerability. >> >>I'm with Thierry on this... >> >> >>Regards, >> >>Nick FitzGerald >> >> >>_______________________________________________ >>Full-Disclosure - We believe in it. >>Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>Hosted and sponsored by Secunia - http://secunia.com/ > -----BEGIN PGP SIGNATURE----- > Charset: UTF8 > Version: Hush 3.0 > Note: This signature can be verified at https://www.hushtools.com/verify > > wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh8+0 > b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fxXFm > 7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5eAhp > UpXIZ1s= > =zgqd > -----END PGP SIGNATURE----- > > -- > Become a medical transcriptionist at home, at your own pace. > http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc7cDXj4iASDyccuLtQA2i9f1le/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists