lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <1184234113.6965.3.camel@localhost>
Date: Thu, 12 Jul 2007 11:55:13 +0200
From: Michał Melewski <mike@...stein.kill-9.pl>
To: gynvael@...dwind.pl
Cc: bugtraq@...urityfocus.com
Subject: Re: Re: [Eleytt] 7LIPIEC2007

Dnia 10-07-2007, wto o godzinie 21:46 +0000, gynvael@...dwind.pl
napisał(a):
> Michal Zalewski wrote:
> >> 1. Firefox 2.0.0.4 Remote Denial of Service Vulnerability
> >> http://sapheal.hack.pl/phun/ff2die/
> >This does not crash on me, and I can't see a likely mechanism of action
> >that would lead to a DoS condition. 
> 
> It did hang Firefox 2.0.0.4 (32 bit) at my place (Microsoft Vista, x64). The browser did not respond, and had to be killed. Looks like DoS to me.
Yep, firefox stops to respond because this script opens 10000 new
windows. Following that way I can say, that i found DoS in Word, because
when I tried to open 10000 documents it also stopped to respond.


-- 
Michael "carstein" Melewski  |  "We have no future because our present  
carstein()7thguard.net       |  is too volatile. We have only risk 
mobile: 512 357 303          |  management. The spinning of the given 
JID: carstein()gentoo.pl     |  moment's scenarios. Pattern recognition.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ