lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <3FBEB4AD.7060804@insecure.ws> Date: Sat, 22 Nov 2003 01:58:21 +0100 From: "kang@...ecure.ws" <kang@...ecure.ws> To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com Subject: safari dos Original is here: http://www.insecure.ws/article.php?story=20031122012748282 Safari will never exit a loop in javascript. Since javascript isn't executed in a thread, this cause a DoS (Safari crashes). Firebird has been tested and is not vulnerable. I don't know about other browers on MacOSX, but they are probably not vulnerable. (OmniWeb?) /As usual, read more for exploit/explanation/ ---------- |Adv: safari_0x02 Release Date: 22/11/03 Affected Products: Safari =< 1.1.1 Impact: Denial of Service Severity: Remote, low Author: kang, kang@...ecure.ws | A very simple javascript block like this one: while (true) { document.location "sherlock://com.apple.movies?" } is enought to lock up Safari, effectivly DoSing it. Notice that you must call a protocol helper in the loop, here I'm calling Sherlock. Otherwise, the loop is aborted and Safari functions normally. There is no fix available yet. Vendor has been informed. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists