lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 13 Jun 2010 19:56:13 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <full-disclosure@...ts.grok.org.uk>
Subject: DoS vulnerabilities in Firefox, Internet Explorer,
	Chrome and Opera

Hello Full-Disclosure!

I want to warn you about Denial of Service vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera. Which belong to type of DoS via
protocol handlers. Earlier I already wrote about DoS vulnerabilities in
Firefox, Internet Explorer, Chrome and Opera and DoS attacks on email
clients via protocol handlers. This new advisory will show you the situation
of browsers behavior with other protocol handlers.

All those who doubt that these DoS vulnerabilities in browsers and email
clients are security vulnerabilities, must read my first advisory on this
topic (http://www.securityfocus.com/archive/1/511327/30/0/threaded). Where I
mentioned about Mozilla's MFSA 2010-23
(http://www.mozilla.org/security/announce/2010/mfsa2010-23.html), for which
created CVE-2010-0181
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181). If they
consider img with mailto (via redirect) as vulnerability, then iframes with
different protocols is indeed vulnerability (in browsers and email clients).

-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4283/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Google Chrome,
Opera.
-----------------------------
Timeline:

26.05.2010 - found vulnerabilities.
26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
12.06.2010 - disclosed at my site.
-----------------------------
Details:

Now I'm informing about DoS in different browsers via protocols chrome, wmk
and outlook. Attacks via mail clients are also possible, as I wrote about in
corresponding advisory. These Denial of Service vulnerabilities belong to
type (http://websecurity.com.ua/2550/) blocking DoS and resources
consumption DoS. These attacks can be conducted as with using JS, as without
it (via creating of a page with large quantity of iframes).

DoS:

http://websecurity.com.ua/uploads/2010/Chrome%20&%20Opera%20DoS%20Exploit.html

This exploit for chrome protocol works in Google Chrome 1.0.154.48 and Opera
9.52.

In Chrome occurs blocking of the browser. And in Opera occurs resources
consumption (CPU and memory).

http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit4.html

This exploit for wmk protocol works in Mozilla Firefox 3.0.19 (and besides
previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
(6.0.2900.2180), Google Chrome 1.0.154.48 and Opera 9.52.

For work of exploit the WebMoney Keeper Classic must be installed. In
browsers Firefox and IE occurs blocking and overloading of the system from
starting of WebMoney Keeper (also must work in IE8, but there was no
WebMoney Keeper at the computer with IE8 to check it). In Chrome occurs
blocking of the browser. And in Opera the attack is going without blocking,
only resources consumption (more slowly then in other browsers).

http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit5.html

This exploit for outlook protocol works in Mozilla Firefox 3.0.19 (and
besides previous versions, it must work in 3.5.x and 3.6.x), Internet
Explorer 6 (6.0.2900.2180), Google Chrome 1.0.154.48 and Opera 9.52.

For work of exploit the Microsoft Outlook must be installed. In browsers
Firefox and IE occurs blocking and overloading of the system from starting
of Outlook (doesn't work in IE8). At that, if to allow automatic start of
the program handler of this protocol in Firefox, by setting checkbox, then
insead of blocking of the browser, there will be blocking and overloading of
the system (as in occurs in IE). In Chrome occurs blocking of the browser.
And in Opera the attack is going without blocking, only resources
consumption (more slowly then in other browsers). If there is no Outlook at
the computer, then in Firefox occurs blocking of the browser, and in IE and
Opera occurs resources consumption.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ