| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Jun 2010 16:45:20 -0400
From: Manuel Moreno Leiva <morenoleiva@...il.com>
To: MustLive <mustlive@...security.com.ua>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DoS vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera
This Vulnerability have a CVE number or Bugtrack ID?
I Cant find any official information about this!
Regards
Manuel Moreno
Insecure
2010/5/28 MustLive <mustlive@...security.com.ua>
> Hello Full-Disclosure!
>
> I want to warn you about security vulnerabilities in different browsers.
>
> -----------------------------
> Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
> Opera
> -----------------------------
> URL: http://websecurity.com.ua/4238/
> -----------------------------
> Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
> 8, Google Chrome, Opera.
> -----------------------------
> Timeline:
>
> 26.05.2010 - found vulnerabilities.
> 26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
> 27.05.2010 - disclosed at my site.
> -----------------------------
> Details:
>
> After publication of previous vulnerabilities in different browsers, I
> continued my researches and found many new vulnerabilities in browsers,
> which I called by general name DoS via protocol handlers, to which belonged
> and previous DoS attack via mailto handler.
>
> Now I'm informing about DoS in different browsers via protocols news and
> nntp. These Denial of Service vulnerabilities belongs to type
> (http://websecurity.com.ua/2550/) blocking DoS and resources consumption
> DoS. These attacks can be conducted as with using JS, as without it (via
> creating of page with large quantity of iframes).
>
> DoS:
>
>
> http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html
>
> This exploit for news protocol works in Mozilla Firefox 3.0.19 (and besides
> previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
> (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome
> 1.0.154.48 and Opera 9.52.
>
> In all mentioned browsers occurs blocking and overloading of the system
> from
> starting of Opera, which appeared as news-client at my computer, and IE8
> crashes (at computer without Opera). And in Opera the attack is going
> without blocking, only resources consumption (more slowly then in other
> browsers).
>
>
> http://websecurity.com.ua/uploads/2010/Firefox,%20IE%20&%20Opera%20DoS%20Exploit.html
>
> This exploit for nntp protocol works in Mozilla Firefox 3.0.19 (and besides
> previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
> (6.0.2900.2180) and Opera 9.52.
>
> In all mentioned browsers occurs blocking and overloading of the system
> from
> starting of Opera, which appeared as nntp-client at my computer. In IE8 the
> attack didn't work - possibly because that at that computer there was no
> nntp-client, Opera in particular. And in Opera the attack is going without
> blocking, only resources consumption (more slowly then in other browsers).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists