lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Nov 2003 01:58:21 +0100
From: "" <>
Subject: safari dos

Original is here:

Safari will never exit a loop in javascript. Since javascript isn't 
executed in a thread, this cause a DoS (Safari crashes).
Firebird has been tested and is not vulnerable. I don't know about other 
browers on MacOSX, but they are probably not vulnerable. (OmniWeb?)

/As usual, read more for exploit/explanation/


|Adv: safari_0x02
Release Date: 22/11/03
Affected Products: Safari =< 1.1.1
Impact: Denial of Service
Severity: Remote, low
Author: kang,

A very simple javascript block like this one:

while (true)
{ document.location "sherlock://" }

is enought to lock up Safari, effectivly DoSing it.
Notice that you must call a protocol helper in the loop, here I'm 
calling Sherlock. Otherwise, the loop is aborted and Safari functions 
There is no fix available yet. Vendor has been informed.

Full-Disclosure - We believe in it.

Powered by blists - more mailing lists