lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <01e301caf68c$ea97c630$010000c0@ml>
Date: Tue, 18 May 2010 16:20:20 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <full-disclosure@...ts.grok.org.uk>
Subject: DoS vulnerabilities in Firefox, Internet Explorer,
	Chrome, Opera and other browsers

Hello Full-Disclosure!

I want to warn you about security vulnerability in different browsers.

-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera
and other browsers
-----------------------------
URL: http://websecurity.com.ua/4206/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
8, Google Chrome, Opera and other browsers.
-----------------------------
Timeline:

16.05.2010 - found vulnerability.
17.05.2010 - disclosed at my site.
18.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
-----------------------------
Details:

At 30.02.2010 Mozilla fixed vulnerability (small one, which poses no
security risk, as they said), found by Henry Sudhof - Mozilla Foundation
Security Advisory 2010-23
(http://www.mozilla.org/security/announce/2010/mfsa2010-23.html) (Image src
redirect to mailto: URL opens email editor). Which allow to open email
client at user's computer via redirector, which redirecting to mailto: URL.
But this vulnerability was fixed only in Firefox 3.5.9, Firefox 3.6.2 and
SeaMonkey 2.0.4, but not in Firefox 3.0.x.

After I recently read this advisory, I decided to check different browsers.
And as I checked at 16.05.2010, to this vulnerability are vulnerable web
browsers Firefox 3.0.19 and Opera 9.52. And I created exploit for conducting
of DoS attack on Firefox.

Also I found possibility to open email client via iframe with mailto: URL.
Which works in browsers Firefox 3.0.19, IE6, IE8 and Chrome. And I created
exploit for conducting of attack on all browsers, which I called DoS via
email. This attack can be conducted as with using JS, as without it (via
creating of page with large quantity of iframes).

If attack via images at a page (which open email client) is only discomfort,
then attack via images or iframes with using my exploits is Denial of
Service vulnerability. It belongs to type (http://websecurity.com.ua/2550/)
blocking DoS and resources consumption DoS. These exploits are very
dangerous - at their starting, if to not stop attack in time, they can lead
to full consumption of computer's resources (potentially even to freezing of
the system).

DoS:

http://websecurity.com.ua/uploads/2010/Firefox%20DoS%20Exploit.html

This exploit works in Mozilla Firefox (Firefox <= 3.0.19, Firefox < 3.5.9,
Firefox < 3.6.2) and SeaMonkey < 2.0.4.

http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit.html

This exploit works in Mozilla Firefox (besides 3.0.x and previous versions,
it must work in 3.5.x and 3.6.x), Internet Explorer 6 (6.0.2900.2180),
Internet Explorer 8 (8.0.7600.16385), Google Chrome 1.0.154.48 and Opera
9.52. At that in Opera the exploit don't open email client, so DoS attack is
going without blocking, only resources consumption (more slowly then in
other browsers). And also this exploit must work in SeaMonkey, Internet
Explorer 7 and other browsers.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ