| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 3 Jul 2010 23:18:33 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <bugtraq@...urityfocus.com> Subject: [Suspected Spam]File Download and DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera Hello Bugtraq! I want to warn you about File Download and Denial of Service vulnerabilities in Mozilla Firefox, Internet Explorer, Google Chrome and Opera. Earlier I already wrote about DoS vulnerabilities in different browsers via different protocol handlers. And now I'll tell about research concerned with attacks via protocols http and ftp which I made already in 2008 and published at 30.06.2010. ----------------------------- Advisory: File Download and DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera ----------------------------- URL: http://websecurity.com.ua/4334/ ----------------------------- Affected products: Mozilla Firefox, Internet Explorer 6, Google Chrome, Opera. Other browsers can be vulnerable as well. ----------------------------- Details: On 18th of September 2008 I found File Download and Denial of Service vulnerabilities in Firefox, Internet Explorer, Chrome and Opera. This research I begun after I found in September multiple Automatic File Download vulnerabilities in Google Chrome, which I wrote in details in the article Automatic File Download vulnerabilities in browsers (http://websecurity.com.ua/2438/). Goal of this research was to create a method of conducting File Download attacks in different browsers (and DoS attacks via SaveAs functionality). Which I called SaveAs attack. And even this attack (file saving) is not going automatically (as it took place in first versions of Chrome - in more new versions of its browser Google fixed this vulnerability, after my warnings, and browser asks before downloading files), but due to persistent showing of the window for file saving, the user can accidentally press at "Save" and save file. Unlike Automatic File Download in Chrome, this attack is working in different browsers (including in new versions of Chrome). So this method can be used for forced file saving at users' computer. And also this method can be used for conducting of DoS attacks (via creating of multiple windows for saving of files). File Download attack can lead to Code Execution, if user will later open file (malicious), which was saved by him. These File Download and DoS attacks are conducted via protocols http and ftp. I set in exploits the files at servers of Google (for http) and Microsoft (for ftp) - these companies have more server capacities for this task. Denial of Service vulnerabilities belong to type (http://websecurity.com.ua/2550/) blocking DoS and resources consumption DoS. These two attacks can be conducted as with using JS, as without it (via creating of a page with large quantity of iframes and in Chrome it's also possible to use frames). File Download and DoS: http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit6.html (http protocol) http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit7.html (ftp protocol) Both exploits work in Mozilla Firefox 3.0.19 (and besides previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6 (6.0.2900.2180), Google Chrome 1.0.154.48 and Opera 9.52. In browsers Firefox, IE6 and Opera occur blocking and overloading of the system (and Firefox 3.0.1 was crashing). In Chrome occurs blocking of the browser. But both exploits don't work in IE8. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Powered by blists - more mailing lists