Bugtraq mailing list archives
Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
From: "MustLive" <mustlive () websecurity com ua>
Date: Mon, 31 May 2010 19:03:37 +0300
Hello Susan and other readers, who replied to my previous advisory. Earlier I've already answered Vladimir, now I'd answer Susan and soon I'd answer John. But now one important note to every reader of the list, including John Smith. Which I already wrote about 1,5 week ago (after posting of a first advisory about DoS in browsers) to one reader of Full-disclosure who inattentively read that advisory (he missed message about attacking without JS) and also to Mozilla (who became discussing this issue and only drew attention to attacking with JS vector). That, as I wrote in both advisories, this attack via iframes can also be conducted without JavaScript. So even turning JS off will not help. Due to advantages of JS exploit for these vulnerabilities over non-JS exploit, I wrote JavaScript exploits for these advisories and I'd write for future advisories (but I'd be reminding about possibility of attacking without JS). But soon I'll present one exploit also in "pure-iframe" version (without JS) for Internet Explorer and other applications - in case when small amount of iframes lead to crash.
Thank you. Now if you could wait for patches before disclosing I'd be even happier.
Susan, you are welcome. I would be happy to wait for patches of browser vendors, but as already told you in details, it's not possible due to behavior of browser vendors. All they mostly ignore such holes, all they don't count DoS as vulnerabilities, they called them "stability issues" and so don't attend to them seriously (and not fixing or fixing slowly). I don't respect such statement as "stability issues" for DoS holes, and during 2008-2010 I worked hard to change vendors' mind on this issue, but they still ignore it. Also, as I already told you, they never told if they fixed or not such holes (especially taking into account that they almost always ignore my letters with such holes or, as Opera did few times, answering with "it's stability issues" statement). So I have no possibility to know from them if they fixed it or not - and because they don't care about such issues (ignoring them orcalling them stability issues), they never mentioned about them in vendors advisories. Only one time Microsoft informed me about fixing DoS hole in Outlook - even they called it stability issue they informed me after they released a patch for it (which was serious approach, but not Microsoft for IE, nor other vendors use such approach for DoS holes in browsers).
But take into account that I informed (at 26.05.2010) all four browser vendors about many vulnerabilities, which I'll disclose in the future. So they are informed for long time in advance :-). And so you have no need to worry, because with every day they become more and more "informed long time ago" and have more and more days to fix these holes. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua----- Original Message ----- From: "Susan Bradley" <sbradcpa () pacbell net>
To: "MustLive" <mustlive () websecurity com ua> Cc: <bugtraq () securityfocus com> Sent: Friday, May 28, 2010 7:06 PM Subject: Re: [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera
Thank you. Now if you could wait for patches before disclosing I'd be even happier. MustLive wrote:Hello Bugtraq! I want to warn you about security vulnerability in different browsers. ----------------------------- Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera ----------------------------- URL: http://websecurity.com.ua/4238/ ----------------------------- Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer 8, Google Chrome, Opera. ----------------------------- Timeline: 26.05.2010 - found vulnerabilities. 26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera. Susan Bradley must be happy :-). 27.05.2010 - disclosed at my site. ----------------------------- Details: After publication of previous vulnerabilities in different browsers, I continued my researches and found many new vulnerabilities in browsers, which I called by general name DoS via protocol handlers, to which belonged and previous DoS attack via mailto handler. Now I'm informing about DoS in different browsers via protocols news and nntp. These Denial of Service vulnerabilities belongs to type (http://websecurity.com.ua/2550/) blocking DoS and resources consumption DoS. These attacks can be conducted as with using JS, as without it (via creating of page with large quantity of iframes). DoS: http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html This exploit for news protocol works in Mozilla Firefox 3.0.19 (and besides previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6 (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome 1.0.154.48 and Opera 9.52. In all mentioned browsers occurs blocking and overloading of the system from starting of Opera, which appeared as news-client at my computer, and IE8 crashes (at computer without Opera). And in Opera the attack is going without blocking, only resources consumption (more slowly then in other browsers). http://websecurity.com.ua/uploads/2010/Firefox,%20IE%20&%20Opera%20DoS%20Exploit.html This exploit for nntp protocol works in Mozilla Firefox 3.0.19 (and besides previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6 (6.0.2900.2180) and Opera 9.52. In all mentioned browsers occurs blocking and overloading of the system from starting of Opera, which appeared as nntp-client at my computer. In IE8 the attack didn't work - possibly because that at that computer there was no nntp-client, Opera in particular. And in Opera the attack is going without blocking, only resources consumption (more slowly then in other browsers). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Current thread:
- [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera MustLive (May 28)
- Re: [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera Susan Bradley (May 28)
- Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera MustLive (May 31)
- Re: [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera Susan Bradley (May 28)