lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 25 Jul 2009 23:25:56 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <bugtraq@...urityfocus.com>
Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and  Chrome

Hello Bugtraq!

As I checked this DoS vulnerability today, it also works in IE7, besides
IE6.

Vulnerable version is Internet Explorer 7 (7.0.6000.16473) and previous
versions (and potentially next versions).

P.S.

Also I wrote to Ruben Reguero two days ago, and told him that it was strange
that in Firefox 3.5 he had no problems (with this exploit). And maybe he has
last Firefox 3.5.1. After that he answered me and confirmed it.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

> -----Original Message-----
> From: MustLive [mailto:mustlive@...security.com.ua]
> Sent: Sunday, July 19, 2009 10:33 AM
> To: bugtraq@...urityfocus.com
> Subject: DoS vulnerabilities in Firefox, Internet Explorer, Opera and
> Chrome
>
> Hello Bugtraq!
>
> I want to warn you about Denial of Service vulnerabilities in Firefox,
> Internet Explorer, Opera and Chrome.
>
> Recently buffer overflow vulnerability in Mozilla Firefox 3.5 was found by
> Andrew Haynes and Simon Berry-Byrne (http://websecurity.com.ua/3337/).
> After
> I checked at 16.07.2009 this vulnerability in different browsers, I found
> that this Denial of Service vulnerability also exists in Firefox 3.0.11,
> Internet Explorer 6 and Opera 9.52 (and later also in Chrome 2.0.172).
>
> DoS:
>
> http://websecurity.com.ua/uploads/2009/Firefox,%20IE%20&%20Opera%20DoS%20Exploit2.html
>
> With this exploit Firefox crashes, IE6 consumes resources of CPU and RAM,
> Opera freezes at that consumes resources of CPU and RAM, and Chrome
> crashes..
>
> Vulnerable version is Mozilla Firefox 3.0.11 and previous versions (and
> also
> Firefox 3.5).
>
> Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous
> versions. And potentially next versions (IE7 and IE8).
>
> Vulnerable version is Opera 9.52 and previous versions (and potentially
> next
> versions too).
>
> Vulnerable version is Google Chrome 2.0.172 and previous versions. At that
> Google Chrome 1.0.154.48 is not vulnerable - it's possible that vulnerable
> is only Chrome 2.x.
>
> I mentioned about this vulnerability at my site
> (http://websecurity.com.ua/3338/).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua 


!DSPAM:4a6b6a82117011950414320!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ