| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 03 Mar 2009 06:18:25 -0500 From: bobby.mugabe@...hmail.com To: full-disclosure@...ts.grok.org.uk, security.mustache@...il.com Subject: Re: Apple Safari ... DoS Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Valdis, I have been able to reproduce a similar situation using Firefox under MacOSX, using different websites and a significantly larger number of tabs. Do you think these issues might be related or are they operating system specific? What model of CPU were you testing this issue under? Thanks, - -bm On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache <security.mustache@...il.com> wrote: >I would like to point out that I have been able to create a "hung" >state in the Firefox browser by opening 30 simultaneous tabs >pointed >at http://www.welcometointernet.org/lawnmower/ and adding a 31st >tab >viewing http://www.hotrussianbrides.com. > >Also, I am not amused. > > >Your humble servant, >Ze Mustache von Kletnieks > >On Mon, Mar 2, 2009 at 10:29 PM, <bobby.mugabe@...hmail.com> >wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Dear Nick, >> >> You and Thierry Loller are wrong. >> >> - -bm >> >> On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald <nick@...us- >> l.demon.co.uk> wrote: >>>Chris Evans to Thierry Zoller: >>> >>>> > Example >>>> > If a chrome tab can be crashed arbritarely (remotely) it is >a >>>DoS attack >>>> > but with ridiculy low impact to the end-user as it only >>>crashes the tab >>>> > it was subjected to, and not the whole browser or operation >>>system. >>>> > But the fact remains that this was the impact of a DoS >>>condition, >>>> > the tab crashes arbritarily. >>>> >>>> Eh? If you visit www.evil.com and your tab crashes, that's no >>>> different from www.evil.com closing its own tab with >Javascript. >>> >>>But what if www.evil.com has run an injection attack of some >kind >>>(SQL, >>>XSS in blog comments, etc, etc) against www.stupid.com? >>> >>>Visitors to stupid.com then suffer a DoS... >>> >>>Yes, stupid.com should run their site better, fix their myriad >XSS >>>holes, >>>etc, etc. >>> >>>But this is the Internet, so this "software flaw" can be >leveraged >>>as >>>security vulnerability. >>> >>>I'm with Thierry on this... >>> >>> >>>Regards, >>> >>>Nick FitzGerald >>> >>> >>>_______________________________________________ >>>Full-Disclosure - We believe in it. >>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>Hosted and sponsored by Secunia - http://secunia.com/ >> -----BEGIN PGP SIGNATURE----- >> Charset: UTF8 >> Version: Hush 3.0 >> Note: This signature can be verified at >https://www.hushtools.com/verify >> >> >wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh8+ >0 >> >b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fxXF >m >> >7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5eAh >p >> UpXIZ1s= >> =zgqd >> -----END PGP SIGNATURE----- >> >> -- >> Become a medical transcriptionist at home, at your own pace. >> >http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc7c >DXj4iASDyccuLtQA2i9f1le/ >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDVrkn TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGlNA5 wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3vju P7xAvvQ= =avqi -----END PGP SIGNATURE----- -- Click to find great rates on health insurance, save big, shop here. http://tagline.hushmail.com/fc/BLSrjkqeRcNd9NCXSJiZxV7gq821SXvgq2GWai39WLJo4QlOxYCnjxaqn9u/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists