Bugtraq mailing list archives
Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome
From: "MustLive" <mustlive () websecurity com ua>
Date: Sat, 25 Jul 2009 23:25:56 +0300
Hello Bugtraq! As I checked this DoS vulnerability today, it also works in IE7, besides IE6. Vulnerable version is Internet Explorer 7 (7.0.6000.16473) and previous versions (and potentially next versions). P.S. Also I wrote to Ruben Reguero two days ago, and told him that it was strange that in Firefox 3.5 he had no problems (with this exploit). And maybe he has last Firefox 3.5.1. After that he answered me and confirmed it. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
-----Original Message----- From: MustLive [mailto:mustlive () websecurity com ua] Sent: Sunday, July 19, 2009 10:33 AM To: bugtraq () securityfocus com Subject: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome Hello Bugtraq! I want to warn you about Denial of Service vulnerabilities in Firefox, Internet Explorer, Opera and Chrome. Recently buffer overflow vulnerability in Mozilla Firefox 3.5 was found by Andrew Haynes and Simon Berry-Byrne (http://websecurity.com.ua/3337/). After I checked at 16.07.2009 this vulnerability in different browsers, I found that this Denial of Service vulnerability also exists in Firefox 3.0.11, Internet Explorer 6 and Opera 9.52 (and later also in Chrome 2.0.172). DoS: http://websecurity.com.ua/uploads/2009/Firefox,%20IE%20&%20Opera%20DoS%20Exploit2.html With this exploit Firefox crashes, IE6 consumes resources of CPU and RAM, Opera freezes at that consumes resources of CPU and RAM, and Chrome crashes.. Vulnerable version is Mozilla Firefox 3.0.11 and previous versions (and also Firefox 3.5). Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous versions. And potentially next versions (IE7 and IE8). Vulnerable version is Opera 9.52 and previous versions (and potentially next versions too). Vulnerable version is Google Chrome 2.0.172 and previous versions. At that Google Chrome 1.0.154.48 is not vulnerable - it's possible that vulnerable is only Chrome 2.x. I mentioned about this vulnerability at my site (http://websecurity.com.ua/3338/). Best wishes & regards, MustLive Administrator of Websecurity web sitehttp://websecurity.com.ua
!DSPAM:4a6b6a82117011950414320!
Current thread:
- Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome MustLive (Jul 21)
- <Possible follow-ups>
- Re: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome MustLive (Jul 27)