oss-sec mailing list archives

Re: CVE request for browser IFRAME/file download DoS


From: Josh Bressers <bressers () redhat com>
Date: Tue, 6 Jul 2010 15:07:58 -0400 (EDT)

This is more complicated than I wish to deal with. I'm going to defer this
one to MITRE.

Thanks.

-- 
    JB


----- "Kurt Seifried" <kurt () seifried org> wrote:

Denial of service in various browsers:

http://seclists.org/fulldisclosure/2010/Jul/69

Basically it opens a lot of iframes that point to a file download/run
location; you get endlessly spammed with run/save/cancel, and in the case
of affected web browsers they become non-responsive and you need to
kill them using task manager/etc.

Affected:
Firefox 3.6.4
IE 8
Safari 5.0 (7533.16)

Not affected:
Chrome 5/6
Opera 10

-- 
Kurt Seifried
kurt () seifried org
tel: 1-703-879-3176

