lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 5 Sep 2023 14:50:14 +0300
From: Georgi Guninski <gguninski@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Minor firefox DoS - semi silently polluting ~/Downloads with
	files

This is barely a DoS, but since Chrome has explicit protection
against it, we decided to disclose it.

If firefox user visits a specially crafted page, then firefox
may create many files in `~/Downloads`,
The user is notified about this in a small dialog, but there is
no option to stop the downloads.
The potential denial of service is that the user must manually
delete the created files and this might be PITA.

Technically about the PoC:  create non-empty file `xml.doc`.
To force download, add to the page `iframe src="xml.doc"`.
To force creation of new files, add `body onload="location.reload()"`
(there are several other options about this).

[Proof of concept][1]

To out surprise, Chrome is safe from this and it distinguishes
manual download from automated download and this might be because
it is aware about this DoS.

Affected:  firefox 117 on GNU/Linux and reportedly on Windows.
Not Affected:  firefox on android, Chrome, lynx.

[1]: https://j.ludost.net/y3.html
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ