lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 May 2009 20:38:18 +0200 From: Thierry Zoller <Thierry@...ler.lu> To: "Jim Parkhurst" <JPARKHUR@....state.tx.us> Cc: cert@...t.org, info@...cl.etat.lu, "full-disclosure" <full-disclosure@...ts.grok.org.uk>, <cve@...re.org>, <nvd@...t.gov>, <vuln@...unia.com>, "bugtraq" <bugtraq@...urityfocus.com> Subject: Re[2]: [Full-disclosure] Addendum : [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG) Hi Jim, Read again: Affected : All Firefox versions that support SVG. Then think about what version of Firefox you are using. JP> If I understand the process, saving the text at [IV. Proof of JP> concept] (following the "~~~..." to an .XHTML file, and launch the JP> file using Firefox, I should lose functionality ("Browser doesn't JP> respond any longer to any user input, all tabs are no longer JP> accessible, your work if any (hail to the web 2.0) might be lost.") JP> Using FF2.0.0.20 and the file does not result in loss of use. All JP> tabs are functional. All JAVA links continue function. Same JP> result for naming the POC file to .HTML, .HTM. >>>> Thierry Zoller <Thierry@...ler.lu> 05/26/2009 13:13 >>> JP> For those that failed to reproduce, try naming the POC file with an XHTML JP> extension. JP> _______________________________________________ JP> Full-Disclosure - We believe in it. JP> Charter: http://lists.grok.org.uk/full-disclosure-charter.html JP> Hosted and sponsored by Secunia - http://secunia.com/ -- http://blog.zoller.lu Thierry Zoller
Powered by blists - more mailing lists