Bugtraq mailing list archives
DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
From: "MustLive" <mustlive () websecurity com ua>
Date: Sun, 13 Jun 2010 19:55:04 +0300
Hello Bugtraq! I want to warn you about Denial of Service vulnerabilities in Firefox, Internet Explorer, Chrome and Opera. Which belong to type of DoS via protocol handlers. Earlier I already wrote about DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera and DoS attacks on email clients via protocol handlers. This new advisory will show you the situation of browsers behavior with other protocol handlers. All those who doubt that these DoS vulnerabilities in browsers and email clients are security vulnerabilities, must read my first advisory on this topic (http://www.securityfocus.com/archive/1/511327/30/0/threaded). Where I mentioned about Mozilla's MFSA 2010-23 (http://www.mozilla.org/security/announce/2010/mfsa2010-23.html), for which created CVE-2010-0181 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181). If they consider img with mailto (via redirect) as vulnerability, then iframes with different protocols is indeed vulnerability (in browsers and email clients). ----------------------------- Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera ----------------------------- URL: http://websecurity.com.ua/4283/ ----------------------------- Affected products: Mozilla Firefox, Internet Explorer 6, Google Chrome, Opera. ----------------------------- Timeline: 26.05.2010 - found vulnerabilities. 26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera. 12.06.2010 - disclosed at my site. ----------------------------- Details: Now I'm informing about DoS in different browsers via protocols chrome, wmk and outlook. Attacks via mail clients are also possible, as I wrote about in corresponding advisory. These Denial of Service vulnerabilities belong to type (http://websecurity.com.ua/2550/) blocking DoS and resources consumption DoS. These attacks can be conducted as with using JS, as without it (via creating of a page with large quantity of iframes). DoS: http://websecurity.com.ua/uploads/2010/Chrome%20&%20Opera%20DoS%20Exploit.html This exploit for chrome protocol works in Google Chrome 1.0.154.48 and Opera 9.52. In Chrome occurs blocking of the browser. And in Opera occurs resources consumption (CPU and memory). http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit4.html This exploit for wmk protocol works in Mozilla Firefox 3.0.19 (and besides previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6 (6.0.2900.2180), Google Chrome 1.0.154.48 and Opera 9.52. For work of exploit the WebMoney Keeper Classic must be installed. In browsers Firefox and IE occurs blocking and overloading of the system from starting of WebMoney Keeper (also must work in IE8, but there was no WebMoney Keeper at the computer with IE8 to check it). In Chrome occurs blocking of the browser. And in Opera the attack is going without blocking, only resources consumption (more slowly then in other browsers). http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit5.html This exploit for outlook protocol works in Mozilla Firefox 3.0.19 (and besides previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6 (6.0.2900.2180), Google Chrome 1.0.154.48 and Opera 9.52. For work of exploit the Microsoft Outlook must be installed. In browsers Firefox and IE occurs blocking and overloading of the system from starting of Outlook (doesn't work in IE8). At that, if to allow automatic start of the program handler of this protocol in Firefox, by setting checkbox, then insead of blocking of the browser, there will be blocking and overloading of the system (as in occurs in IE). In Chrome occurs blocking of the browser. And in Opera the attack is going without blocking, only resources consumption (more slowly then in other browsers). If there is no Outlook at the computer, then in Firefox occurs blocking of the browser, and in IE and Opera occurs resources consumption. Best wishes & regards, MustLive Administrator of Websecurity web sitehttp://websecurity.com.ua
Current thread:
- Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera John Smith (Jun 01)
- <Possible follow-ups>
- DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera MustLive (Jun 02)
- DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera MustLive (Jun 15)