Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome Jul 20 2009 09:50PM
MustLive (mustlive websecurity com ua)
Hello Jeremiah!

It's possible that Microsoft made IE8 more stable then IE6, so you have such
result with this exploit.

Also take into account the hardware of your computer. If your computer is
powerful enough, then this attack on IE8 and even on IE6 and IE7 can be not
so effective (because it's resource consumption in case of IE as I wrote),
as it can be at not powerful computers. And many people in the world have
not so powerful computers.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message -----
From: "Jeremiah Gowdy" <Jeremiah.Gowdy (at) freedomvoice (dot) com [email concealed]>
To: "MustLive" <mustlive (at) websecurity.com (dot) ua [email concealed]>; <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Monday, July 20, 2009 10:16 PM
Subject: RE: DoS vulnerabilities in Firefox, Internet Explorer, Opera and
Chrome

> I've tested this DoS on Internet Explorer 8, does not significantly impact
> my system.
>
> -----Original Message-----
> From: MustLive [mailto:mustlive (at) websecurity.com (dot) ua [email concealed]]
> Sent: Sunday, July 19, 2009 10:33 AM
> To: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: DoS vulnerabilities in Firefox, Internet Explorer, Opera and
> Chrome
>
> Hello Bugtraq!
>
> I want to warn you about Denial of Service vulnerabilities in Firefox,
> Internet Explorer, Opera and Chrome.
>
> Recently buffer overflow vulnerability in Mozilla Firefox 3.5 was found by
> Andrew Haynes and Simon Berry-Byrne (http://websecurity.com.ua/3337/).
> After
> I checked at 16.07.2009 this vulnerability in different browsers, I found
> that this Denial of Service vulnerability also exists in Firefox 3.0.11,
> Internet Explorer 6 and Opera 9.52 (and later also in Chrome 2.0.172).
>
> DoS:
>
> http://websecurity.com.ua/uploads/2009/Firefox,%20IE%20&%20Opera%20DoS%2
0Exploit2.html
>
> With this exploit Firefox crashes, IE6 consumes resources of CPU and RAM,
> Opera freezes at that consumes resources of CPU and RAM, and Chrome
> crashes..
>
> Vulnerable version is Mozilla Firefox 3.0.11 and previous versions (and
> also
> Firefox 3.5).
>
> Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous
> versions. And potentially next versions (IE7 and IE8).
>
> Vulnerable version is Opera 9.52 and previous versions (and potentially
> next
> versions too).
>
> Vulnerable version is Google Chrome 2.0.172 and previous versions. At that
> Google Chrome 1.0.154.48 is not vulnerable - it's possible that vulnerable
> is only Chrome 2.x.
>
> I mentioned about this vulnerability at my site
> (http://websecurity.com.ua/3338/).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua

!DSPAM:4a64e6c7270521787918217!

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus