lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <000901c999fb$9d86ada0$0100a9c0@ml> Date: Sun, 1 Mar 2009 01:23:08 +0200 From: "MustLive" <mustlive@...security.com.ua> To: <bugtraq@...urityfocus.com> Subject: Re: Nokia N95-8 browser denial of service Hello Thierry! About your message concerning crash in Firefox 3.0.6 (http://securityvulns.ru/Vdocument307.html). Which has similar DoS vulnerability as Nokia N95-8 browser. Some time ago I read your message and also checked Firefox 3.0.6 and confirmed the crash in it. What I can tell you about this hole. In the beginning of September 2008 I already wrote about such DoS vulnerability in Mozilla Firefox (http://websecurity.com.ua/2421/). Which leads to that after running of the exploit the browser begun taking 100% of CPU resources and freezes. The attack was based on using nested marquee tags (this hole was already found in Firefox 1.0 and 1.5). Vulnerable were Mozilla Firefox 3.0.1 and previous versions. This vulnerability was first publicly disclosed DoS in Firefox 3. My exploit don't use JavaScript (as Juan's exploit), just only use HTML. For attacking purposes it's better to use plain HTML exploit, which allows to bypass such protections as turning off JavaScript or using addons like NoScript. I informed Mozilla about this hole (on email) and published it at Bugzilla (https://bugzilla.mozilla.org/show_bug.cgi?id=454434). But Mozilla completely ignored it (as all other vulnerabilities, which I informed them about in 2007, 2008 and 2009 years). For example last hole in Firefox 3, which I disclosed 13.02.2009 (and informed Mozilla) was Charset Inheritance vulnerability in Mozilla Firefox 3 (http://websecurity.com.ua/2879/) - and they even didn't answered me yet about it. For example, when I informed Google about Charset Inheritance vulnerability in Google Chrome (http://websecurity.com.ua/2844/), they quickly answered me - that they decided to not fix it (but still not ignored letter like Mozilla). In September 2009 DoS vulnerability in SeaMonkey was found (http://websecurity.com.ua/2820/), which uses the same attack (on marquee-vulnerability which was ignored by Mozilla). But unlike FF, SeaMonkey crashes - this is already another type of DoS vulnerabilities in browser (http://websecurity.com.ua/2550/). And in February you found that last version of Firefox also crashes. So Mozilla not only didn't fix the vulnerability, which I found in Firefox 3.0.1 (and which was known yet in FF1), but even strengthened it in last versions of the browser. They altered it from resources consumption DoS to crashing DoS. This situation similar to Charset Inheritance vulnerability in Mozilla Firefox 3, which wasn't in Firefox 3.0.1 and previous versions (after fix in 2007), but which Mozilla "added" in Firefox from version 3.0.2. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Powered by blists - more mailing lists