Re[4]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

["Vladimir '3APA3A' Dubrovin" <3APA3A () SECURITY NNOV RU>]

Dear John Smith,

 In  general  case  we  are  discussing,  DoS may be caused by e.g. some
 combination of allowed tags/properties or by malformed image.

 As  it  was  pointed  by  author,  this  attack  may  be performed with
 scripting  disabled  (with [iframe src=]). That's why e-mail vector may
 be significant.


--Friday, May 28, 2010, 11:55:28 PM, you wrote to 3APA3A () SECURITY NNOV RU:

JS> Point taken. But that'd be a non-issue on the browser's end as much as
JS> site's that is allowing the rogue scripts (or malformed ads, as per your
JS> example).
JS> The fork of this mail thread clearly explains what I'm talking about. The
JS> issue noted there is a simple DoS attack which every programming language
JS> and platform is vulnerable too. Its called the "infinite loop". It is not a
JS> 'security vulnerability' by itself and is completely agnostic of the uri
JS> handler (try http or anything instead of nntp).

JS> Here's the simplified JS version of it (lets call it the Universal DoS --
JS> yes, it'd work for every browser on the planet that can execute JS) -

JS> <script>
JS> while(1)alert('hello world');
JS> </script>

JS> Done!

JS> Workaround:
JS> None very intuitive. Maybe allow the user to terminate the script at every
JS> iteration? specific time period? etc...

JS> --------------------------------------------------
JS> From: "Vladimir '3APA3A' Dubrovin" <3APA3A () SECURITY NNOV RU>
JS> Sent: Friday, May 28, 2010 11:47 PM
JS> To: "John Smith" <at-x () live com>
JS> Cc: "MustLive" <mustlive () websecurity com ua>; "Susan Bradley" 
JS> <sbradcpa () pacbell net>; <bugtraq () securityfocus com>
JS> Subject: Re[2]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome,
JS> Opera and other browsers

> > Dear John Smith,
> >
> > Actually,  browser DoS may be quite serious vulnerability, depending on
> > nature  of  DoS.  Think  about e.g. banner or content exchange network,
> > social  networks,  web  boards,  etc where browser vulnerability may be
> > used  against  site  or  page because it will harm any visitors of this
> > site or page.
> >
> > In  case  of  this  very vulnerability, most serious impact may be from
> > e-mail vector.
> >
> > --Friday, May 28, 2010, 7:07:50 PM, you wrote to 
> > mustlive () websecurity com ua:
> >
> > JS> Just a few cents - DoS in webbrowsers doesn't fall under the category
> > of
> > JS> "vulnerabilities" rather more of "annoyances". Although I don't deny
> > the
> > JS> fact that certain DoS attacks *may lead* or *may serve as hints* to
> > other
> > JS> more serious exploits, but that's a different topic and with ASLR in
> > the
> > JS> scene, a very grey area of discussion.
> >
> >
> >
> > -- 
> > Skype: Vladimir.Dubrovin
> > ~/ZARAZA http://securityvulns.com/
> > Стреляя во второй раз, он искалечил постороннего. Посторонним был я. 
> > (Твен)


-- 
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/
Машина оказалась способной к единственному действию,
а именно умножению 2x2, да и то при этом ошибаясь. (Лем)