| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Jun 2010 14:50:45 +0300 From: "MustLive" <mustlive@...security.com.ua> To: "Manuel Moreno Leiva" <morenoleiva@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera Hello Manuel! > This Vulnerability have a CVE number or Bugtrack ID? I wrote to Bugtraq and Full-Disclosure, so if CVE or any other bugtracks will decide, they'll give their IDs to these vulnerabilities (I posted three advisories about attacks via 5 protocols), which belong to group of DoS via protocol handlers. For example there is SecurityVulns ID for them: 10851 (http://securityvulns.com/news/Browsers/mailto.html). But note the next, which I told in details in Bugtraq (http://www.securityfocus.com/archive/1/511364/30/0/threaded) in conversation with Susan Bradley, and later John Smith and Vladimir Dubrovin join it. That all browser vendors in most cases don't care about DoS holes and mostly don't fix them. And as I wrote in continuation of previous discussion (http://www.securityfocus.com/archive/1/511570), all browser vendors don't count DoS as vulnerabilities, they called them "stability issues" and so don't attend to them seriously (and not fixing or fixing slowly). For this reason they can to not make their own security advisories and so there will be no CVE number or Bugtrack ID granted to these issues (in this case they can be granted only if MITRE and others decided to give their IDs without looking at browser vendors). Also take into account that for "Image src redirect to mailto: URL" vulnerability Mozilla released their security advisory MFSA 2010-23 (http://www.mozilla.org/security/announce/2010/mfsa2010-23.html) and there was CVE-2010-0181 for it. So it's possible then they will decide to make such ones for this vulnerability with iframes and different protocols. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ----- Original Message ----- From: Manuel Moreno Leiva To: MustLive Cc: full-disclosure@...ts.grok.org.uk Sent: Wednesday, June 02, 2010 11:45 PM Subject: Re: [Full-disclosure] DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera This Vulnerability have a CVE number or Bugtrack ID? I Cant find any official information about this! Regards Manuel Moreno Insecure 2010/5/28 MustLive <mustlive@...security.com.ua> Hello Full-Disclosure! I want to warn you about security vulnerabilities in different browsers. ----------------------------- Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera ----------------------------- URL: http://websecurity.com.ua/4238/ ----------------------------- Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer 8, Google Chrome, Opera. ----------------------------- Timeline: 26.05.2010 - found vulnerabilities. 26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera. 27.05.2010 - disclosed at my site. ----------------------------- Details: After publication of previous vulnerabilities in different browsers, I continued my researches and found many new vulnerabilities in browsers, which I called by general name DoS via protocol handlers, to which belonged and previous DoS attack via mailto handler. Now I'm informing about DoS in different browsers via protocols news and nntp. These Denial of Service vulnerabilities belongs to type (http://websecurity.com.ua/2550/) blocking DoS and resources consumption DoS. These attacks can be conducted as with using JS, as without it (via creating of page with large quantity of iframes). DoS: http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html This exploit for news protocol works in Mozilla Firefox 3.0.19 (and besides previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6 (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome 1.0.154.48 and Opera 9.52. In all mentioned browsers occurs blocking and overloading of the system from starting of Opera, which appeared as news-client at my computer, and IE8 crashes (at computer without Opera). And in Opera the attack is going without blocking, only resources consumption (more slowly then in other browsers). http://websecurity.com.ua/uploads/2010/Firefox,%20IE%20&%20Opera%20DoS%20Exploit.html This exploit for nntp protocol works in Mozilla Firefox 3.0.19 (and besides previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6 (6.0.2900.2180) and Opera 9.52. In all mentioned browsers occurs blocking and overloading of the system from starting of Opera, which appeared as nntp-client at my computer. In IE8 the attack didn't work - possibly because that at that computer there was no nntp-client, Opera in particular. And in Opera the attack is going without blocking, only resources consumption (more slowly then in other browsers). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists