[Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera May 28 2010 12:57PM
MustLive (mustlive websecurity com ua) (1 replies)
Hello Bugtraq!

I want to warn you about security vulnerability in different browsers.

-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4238/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
8, Google Chrome, Opera.
-----------------------------
Timeline:

26.05.2010 - found vulnerabilities.
26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
Susan Bradley must be happy :-).
27.05.2010 - disclosed at my site.
-----------------------------
Details:

After publication of previous vulnerabilities in different browsers, I
continued my researches and found many new vulnerabilities in browsers,
which I called by general name DoS via protocol handlers, to which belonged
and previous DoS attack via mailto handler.

Now I'm informing about DoS in different browsers via protocols news and
nntp. These Denial of Service vulnerabilities belongs to type
(http://websecurity.com.ua/2550/) blocking DoS and resources consumption
DoS. These attacks can be conducted as with using JS, as without it (via
creating of page with large quantity of iframes).

DoS:

http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Ope
ra%20DoS%20Exploit2.html

This exploit for news protocol works in Mozilla Firefox 3.0.19 (and besides
previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
(6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome
1.0.154.48 and Opera 9.52.

In all mentioned browsers occurs blocking and overloading of the system from
starting of Opera, which appeared as news-client at my computer, and IE8
crashes (at computer without Opera). And in Opera the attack is going
without blocking, only resources consumption (more slowly then in other
browsers).

http://websecurity.com.ua/uploads/2010/Firefox,%20IE%20&%20Opera%20DoS%2
0Exploit.html

This exploit for nntp protocol works in Mozilla Firefox 3.0.19 (and besides
previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
(6.0.2900.2180) and Opera 9.52.

In all mentioned browsers occurs blocking and overloading of the system from
starting of Opera, which appeared as nntp-client at my computer. In IE8 the
attack didn't work - possibly because that at that computer there was no
nntp-client, Opera in particular. And in Opera the attack is going without
blocking, only resources consumption (more slowly then in other browsers).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

[ reply ]
Re: [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera May 28 2010 04:06PM
Susan Bradley (sbradcpa pacbell net) (1 replies)
Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera May 31 2010 04:03PM
MustLive (mustlive websecurity com ua) (1 replies)
Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera May 31 2010 09:02PM
John Smith (at-x live com)


 

Privacy Statement
Copyright 2010, SecurityFocus