[<prev] [next>] [day] [month] [year] [list]
Message-ID: <89C000B134094E3AB8B7523ED11B1AED@localhost>
Date: Sun, 20 Jan 2013 14:01:15 +0100
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <bugtraq@...urityfocus.com>,
<full-disclosure@...ts.grok.org.uk>
Cc: bugzilla-daemon@...illa.org
Subject: Mozilla Firefox and Microsoft Internet Explorer
stall when using workaround from MS06-020 or MS06-069
Hi @ll,
the Microsoft security bulletins
<http://technet.microsoft.com/en-us/security/bulletin/ms06-020>
<http://technet.microsoft.com/en-us/security/bulletin/ms06-069>
show the following workaround to disable Macromedia Flash Player
with software restriction policies a.k.a. SAFER:
--- MS06-069.REG ---
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"TransparentEnabled"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{2742f840-c2d8-4eb3-a486-0a9d0879f29f}]
"LastModified"=hex(b):10,c3,8a,19,c6,e3,c5,01
"Description"="Block Macromedia Flash"
"SaferFlags"=dword:00000000
"ItemData"=hex(2):25,77,69,6e,64,69,72,25,2f,73,79,73,74,65,6d,33,32,2f,6d,61,63,72,6f,6d,65,64,2f,66,6c,61,73,68,2f,2a,00
--- EOF ---
When this (or an equivalent) SAFER rule to block flash player
is set AND the flash player plugin/activex control is installed
and enabled in Mozilla Firefox or Microsoft Internet Explorer,
then both browsers stall or slow to a crawl as soon as a web page
which uses the flash player plugin/activex control is loaded.
Apparently both web browsers handle the return code(s) from the
denied loading of the flash player plugin/activex control wrong!
Tested with MSIE6 to MSIE9 on Windows XP to Windows 7,
and Mozilla Firefox 1x.x on Windows XP and Windows 7.
Stefan Kanthak
PS: Opera doesn't show this error!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists