Date: Thu, 3 May 2012 19:16:37 +0300
From: "MustLive" <mustlive@...security.com.ua>
To: <Valdis.Kletnieks@...edu>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer and Opera

Hello Valdis!

> Anybody want to guess how many cores are on his test box? :)

It's too simple a puzzle :-). The most interesting thing in these results is the crashes and freezes. Of course I know about this dependence of CPU consumption on the number of CPU cores (since just after I first upgraded from a 1-core to a 2-core CPU in March 2009).

During this testing I checked this exploit (in Firefox) on one notebook - the only computer with a single-core CPU at my home - and the result was 88% CPU consumption. I decided not to mention these differences, because it's not so interesting compared to crashes and freezes, and people should be aware of this dependence.

Nowadays multicore CPUs are very widespread, so these results will be close to common modern computers - more resource consumption and more risk will be for single-core CPU computers, such as older PCs and different modern gadgets.

Note, guys, that this type of exploit for browsers, which consumes only 50% CPU on a multicore CPU, is widespread, but I have published a lot of exploits which consume more resources on multicore CPU computers. Particularly exploits from the series of multiple DoS exploits for different browsers, which I published in 2010. As I've just tested a few of them, they consumed up to 76% CPU on my new PC (which I assembled in March), and on my old PC with a two-core CPU they were consuming even more resources.

> Depends how many browsers instances he launched to make the DoS more
> effective : o )

Boddin, I always test exploits with one browser instance at a time. With crashes and freezes of the browsers the effectiveness of the DoS is sufficient enough ;-).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message -----
From: <Valdis.Kletnieks@...edu>
To: "MustLive" <mustlive@...security.com.ua>
Cc: <submissions@...ketstormsecurity.org>; <full-disclosure@...ts.grok.org.uk>
Sent: Monday, April 30, 2012 4:37 PM
Subject: Re: [Full-disclosure] DoS vulnerabilities in Firefox, Internet Explorer and Opera

On Mon, 30 Apr 2012 15:37:08 +0300, "MustLive" said:

> * Mozilla Firefox 3.0.19 consumes resources (50% CPU and a lot of RAM) and crashes.
> * Mozilla Firefox 3.5.11 consumes resources (50% CPU and a lot of RAM) and crashes.
> * Mozilla Firefox 3.6.8 consumes resources (50% CPU and a lot of RAM) and crashes.
> * Mozilla Firefox 4.0 beta 2 freezes and consumes resources (50% CPU and a lot of RAM).
> * Mozilla Firefox 11.0 freezes and consumes resources (50% CPU and a lot of RAM).
> * Internet Explorer 6 freezes and consumes resources (50% CPU and a lot of RAM).
> * Internet Explorer 7 freezes and consumes resources (50% CPU and a lot of RAM).
> * Internet Explorer 8 only consumes resources (50% CPU and a lot of RAM).
> I.e. in IE8 the problem was partly fixed by Microsoft.
> * Opera 10.62 freezes and consumes resources (50% CPU and a lot of RAM).

Anybody want to guess how many cores are on his test box? :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/