Re: [Full-disclosure] Apple Safari ... DoS Vulnerability

From: Jason Starks <jstarks440@xxxxxxxxx>
Date: Tue, 3 Mar 2009 18:01:05 -0500

Right..

On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@xxxxxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mr. Stark,

There.

On Tue, Mar 3, 2009 at 5:56 PM, <bobby.mugabe@xxxxxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Where?

- -bm

On Tue, 03 Mar 2009 17:54:51 -0500 Jason Starks
<jstarks440@xxxxxxxxx> wrote:

Mr. Mustache,

There is a missing "s" on the end of my last name.

Yours truly,

Jason "Bench Press" Starks

On Tue, Mar 3, 2009 at 5:45 PM, <bobby.mugabe@xxxxxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mr. Stark,

Adhering to the tradition of my fathers, I do not sport any

facial

hair and take offense to your comment, and since you're

obviously

lacking basic observational skills I highly doubt you're even as
talented as my Cadburys, at anything.

- -bm

On Tue, 03 Mar 2009 11:11:35 -0500 Jason Starks
<jstarks440@xxxxxxxxx> wrote:

Mr. Mustache, it is obvious that I have more talent than a box

of

chocolates, and that you envy the sadistic nature of your

fellow

trolls on
this list. Point blank.

On Tue, Mar 3, 2009 at 6:18 AM, <bobby.mugabe@xxxxxxxxxxxx>

wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Valdis,

I have been able to reproduce a similar situation using

Firefox

under MacOSX, using different websites and a significantly

larger

number of tabs. Do you think these issues might be related

or

are

they operating system specific? What model of CPU were you

testing

this issue under?

Thanks,
- -bm

On Mon, 02 Mar 2009 23:41:53 -0500 Valdis' Mustache
<security.mustache@xxxxxxxxx> wrote:

I would like to point out that I have been able to create a

"hung"

state in the Firefox browser by opening 30 simultaneous tabs
pointed
at http://www.welcometointernet.org/lawnmower/ and adding a

31st

tab
viewing http://www.hotrussianbrides.com.

Also, I am not amused.

Your humble servant,
Ze Mustache von Kletnieks

On Mon, Mar 2, 2009 at 10:29 PM,

<bobby.mugabe@xxxxxxxxxxxx>

wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Nick,

You and Thierry Loller are wrong.

- -bm

On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald

<nick@virus-

l.demon.co.uk> wrote:

Chris Evans to Thierry Zoller:

Example
If a chrome tab can be crashed arbritarely (remotely)

it

is

a

DoS attack

but with ridiculy low impact to the end-user as it

only

crashes the tab

it was subjected to, and not the whole browser or

operation

system.

But the fact remains that this was the impact of a DoS

condition,

the tab crashes arbritarily.

Eh? If you visit www.evil.com and your tab crashes,

that's

no

different from www.evil.com closing its own tab with

Javascript.

But what if www.evil.com has run an injection attack of

some

kind

(SQL,
XSS in blog comments, etc, etc) against www.stupid.com?

Visitors to stupid.com then suffer a DoS...

Yes, stupid.com should run their site better, fix their

myriad

XSS

holes,
etc, etc.

But this is the Internet, so this "software flaw" can be

leveraged

as
security vulnerability.

I'm with Thierry on this...

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-

charter.html

Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at

https://www.hushtools.com/verify

wpwEAQMCAAYFAkmso8YACgkQhNp8gzZx3sj93AP/a+oFmgLbU2Elo0livpG3c6Qvh

8

+

0

b69LocD4LJmaR3NR4H7AHZYJiqm1TegwdTvtgY4sZd0lXi5EKZYTJMl9tj2Pd53fx

X

F

m

7eK5yf6oRGggrdOLyDjRkMV3bVnOppwXviMHdk8quxx8sDRxA99ZlKKUA40RXFa5e

A

h

p

UpXIZ1s=
=zgqd
-----END PGP SIGNATURE-----

--
Become a medical transcriptionist at home, at your own

pace.

http://tagline.hushmail.com/fc/BLSrjkqfMmg6RbMKs4GE43pzNkcKJRWafc

7

c

DXj4iASDyccuLtQA2i9f1le/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-

charter.html

Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-

charter.html

Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at

https://www.hushtools.com/verify

wpwEAQMCAAYFAkmtEaMACgkQhNp8gzZx3shZFwQAjiE2W/WUkNHrLIu1lBRz6oeDVr

k

n

TmV8TCcaDpsvkRmhNrKFXYObPEatdJ0po7Iul333mllga8+elMukkH15J7BwUZdGlN

A

5

wpE6zNx8ks6L9qS9UxklE8BErdTfUY/OF5FK4aZ92JcngL1xFTkZlDJS0lvIKGry3v

j

u

P7xAvvQ=
=avqi
-----END PGP SIGNATURE-----

--
Click to find great rates on health insurance, save big, shop

here.

http://tagline.hushmail.com/fc/BLSrjkqeRcNd9NCXSJiZxV7gq821SXvgq2G

W

ai39WLJo4QlOxYCnjxaqn9u/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-

charter.html

Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at

https://www.hushtools.com/verify

wpwEAQMCAAYFAkmtsnoACgkQhNp8gzZx3sgiJwQAnL87haXBbGW80ORA4Ufa7Leh0JS
g

XyPSdH32tRZUA+dJaRhoaWJt6HqaKAEltZgsqkrwsA6pTgIIx/IKYdRATBqsrdaBwrF
M

kKhLez2kSeOcODLg1OOpGZ4EwQgZws/Qh1sMQOYjCpBF1W2/q+wvwV8Y8xn4V2MdK4C
L

XTUWWLI=
=FOnb
-----END PGP SIGNATURE-----

--
Become a medical transcriptionist at home, at your own pace.

http://tagline.hushmail.com/fc/BLSrjkqfMmd367qFNEy5ii9ij3bU6df9tEPV
YBzpFXa7E7s6QHH4MsdQbb6/

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAkmttPMACgkQhNp8gzZx3sjzEwP+LKS6V4qJiWSZckzKh/oS5VSCWKZ6
1bV6uhWvfZKflCc19WDP0qvX/39nXQnciHu77C5t2rc1Sz8puZ4uqW9jvc1vSLB6Ixhk
f9kJc/Xqy3jz2QgQn7ljkTlfLhiylI1Y4DSnl/VH7gQfMFLCzFaPY7MkX596quYacZu3
eJKIjEU=
=MEss
-----END PGP SIGNATURE-----

--
Thinking of a life with religion? Click here to find a religious school
near you.

http://tagline.hushmail.com/fc/BLSrjkqkOt23N64MfCBCDe7Ocvf3t1DcVFSDppHSTZUDCQJQcaRhPY88GLe/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
  - From: Valdis' Mustache

References:
- Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
  - From: bobby . mugabe

Prev by Date: Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
Next by Date: Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
Previous by thread: Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
Next by thread: Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
Index(es):
- Date
- Thread

Relevant Pages

Re: [Full-disclosure] Securing our computers?
... Hash: SHA1 ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ...
(Full-Disclosure)
Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
... Hash: SHA1 ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ...
(Full-Disclosure)
Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
... Hash: SHA1 ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ...
(Full-Disclosure)
Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
... Hash: SHA1 ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ...
(Full-Disclosure)
Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
... Hash: SHA1 ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ...
(Full-Disclosure)