Re[4]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

From: Vladimir '3APA3A' Dubrovin <3APA3A@SECURITY.NNOV.RU>
To: John Smith <at-x@live.com>
Cc: MustLive <mustlive@websecurity.com.ua>,Susan Bradley <sbradcpa@pacbell.net>,bugtraq@securityfocus.com
Subject: Re[4]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers
Date:


Dear John Smith,

 In the general case we are discussing, a DoS may be caused by, e.g., some
 combination of allowed tags/properties or by a malformed image.

 As was pointed out by the author, this attack may be performed with
 scripting disabled (with [iframe src=]). That's why the e-mail vector may
 be significant.


--Friday, May 28, 2010, 11:55:28 PM, you wrote to 3APA3A@SECURITY.NNOV.RU:

JS> Point taken. But that'd be a non-issue on the browser's end as much as
JS> site's that is allowing the rogue scripts (or malformed ads, as per your
JS> example).
JS> The fork of this mail thread clearly explains what I'm talking about. The
JS> issue noted there is a simple DoS attack which every programming language
JS> and platform is vulnerable to. It's called the "infinite loop". It is not a
JS> 'security vulnerability' by itself and is completely agnostic of the uri
JS> handler (try http or anything instead of nntp).

JS> Here's the simplified JS version of it (let's call it the Universal DoS --
JS> yes, it'd work for every browser on the planet that can execute JS) -

JS> <script>
JS> while(1)alert('hello world');
JS> </script>

JS> Done!

JS> Workaround:
JS> None very intuitive. Maybe allow the user to terminate the script at every
JS> iteration? specific time period? etc...

JS> --------------------------------------------------
JS> From: "Vladimir '3APA3A' Dubrovin" <3APA3A@SECURITY.NNOV.RU>
JS> Sent: Friday, May 28, 2010 11:47 PM
JS> To: "John Smith" <at-x@live.com>
JS> Cc: "MustLive" <mustlive@websecurity.com.ua>; "Susan Bradley" 
JS> <sbradcpa@pacbell.net>; <bugtraq@securityfocus.com>
JS> Subject: Re[2]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome,
JS> Opera and other browsers

>> Dear John Smith,
>>
>> Actually, a browser DoS may be quite a serious vulnerability, depending on
>> the nature of the DoS. Think about e.g. a banner or content exchange network,
>> social networks, web boards, etc., where a browser vulnerability may be
>> used against a site or page because it will harm any visitors of this
>> site or page.
>>
>> In the case of this very vulnerability, the most serious impact may be from
>> the e-mail vector.
>>
>> --Friday, May 28, 2010, 7:07:50 PM, you wrote to mustlive@websecurity.com.ua:
>>
>> JS> Just a few cents - DoS in web browsers doesn't fall under the category of
>> JS> "vulnerabilities" rather more of "annoyances". Although I don't deny the
>> JS> fact that certain DoS attacks *may lead* or *may serve as hints* to other
>> JS> more serious exploits, but that's a different topic and with ASLR in the
>> JS> scene, a very grey area of discussion.
>>
>>
>>
>> -- 
>> Skype: Vladimir.Dubrovin
>> ~/ZARAZA http://securityvulns.com/
>>
>> 


-- 
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/
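
The message above notes that the attack works with scripting disabled (via [iframe src=]), so a mail gateway cannot rely on script stripping alone. The following is an added example, not part of the original thread: a Python check that lists frame elements in a message's HTML parts and grades them by src scheme. The function names, verdict labels and sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

class FrameFinder(HTMLParser):
    """Collect the src of every <iframe>/<frame> start tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):  # tag/attr names arrive lowercased
        if tag in ("iframe", "frame"):
            self.sources.append(dict(attrs).get("src") or "")

def frame_findings(raw_message):
    """Return (kind, scheme, src) for each frame in the text/html parts."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue  # multipart containers and text/plain are not rendered as HTML
        finder = FrameFinder()
        finder.feed(part.get_content())
        finder.close()
        for src in finder.sources:
            scheme = urlsplit(src.strip()).scheme.lower()
            if scheme in ("http", "https"):
                kind = "web"
            else:
                kind = "handler" if scheme else "relative"
            findings.append((kind, scheme, src))
    return findings

def verdict(raw_message):
    """Assumed policy: any frame is flagged; non-web schemes rank highest."""
    kinds = {kind for kind, _, _ in frame_findings(raw_message)}
    if "handler" in kinds:
        return "protocol-handler"
    return "frames" if kinds else "clean"

# Constructed sample message (not taken from the thread).
SAMPLE = (
    "From: sender@example.invalid\nSubject: constructed\nMIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<p>hi</p><iframe src="nntp://news.example.invalid/x"></iframe>\n'
    '<IFRAME SRC="http://example.invalid/page"></IFRAME>\n'
)

if __name__ == "__main__":
    print(verdict(SAMPLE), frame_findings(SAMPLE))
```
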