Re: [Full-disclosure] DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera



Hello Manuel!

Does this vulnerability have a CVE number or Bugtraq ID?

I wrote to Bugtraq and Full-Disclosure, so if CVE or any other bugtracks
decide to, they'll give their IDs to these vulnerabilities (I posted three
advisories about attacks via 5 protocols), which belong to the group of DoS
via protocol handlers. For example, there is a SecurityVulns ID for them:
10851 (http://securityvulns.com/news/Browsers/mailto.html).

But note the following, which I explained in detail on Bugtraq
(http://www.securityfocus.com/archive/1/511364/30/0/threaded) in a
conversation with Susan Bradley, which John Smith and Vladimir Dubrovin
later joined: all browser vendors in most cases don't care about DoS holes
and mostly don't fix them.

And as I wrote in the continuation of the previous discussion
(http://www.securityfocus.com/archive/1/511570), all browser vendors don't
count DoS as vulnerabilities; they call them "stability issues" and so
don't attend to them seriously (either not fixing them or fixing them
slowly). For this reason they may not make their own security advisories,
and so there will be no CVE number or Bugtraq ID granted to these issues (in
this case they can be granted only if MITRE and others decide to give their
IDs without looking at browser vendors).

Also take into account that for the "Image src redirect to mailto: URL"
vulnerability Mozilla released their security advisory MFSA 2010-23
(http://www.mozilla.org/security/announce/2010/mfsa2010-23.html) and there
was CVE-2010-0181 for it. So it's possible that they will decide to make
such ones for this vulnerability with iframes and different protocols.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message -----
From: Manuel Moreno Leiva
To: MustLive
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Sent: Wednesday, June 02, 2010 11:45 PM
Subject: Re: [Full-disclosure] DoS vulnerabilities in Firefox, Internet
Explorer, Chrome and Opera


Does this vulnerability have a CVE number or Bugtraq ID?
I can't find any official information about this!

Regards

Manuel Moreno
Insecure


2010/5/28 MustLive <mustlive@xxxxxxxxxxxxxxxxxx>

Hello Full-Disclosure!

I want to warn you about security vulnerabilities in different browsers.

-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4238/

-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
8, Google Chrome, Opera.
-----------------------------
Timeline:

26.05.2010 - found vulnerabilities.
26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
27.05.2010 - disclosed at my site.
-----------------------------
Details:

After publication of the previous vulnerabilities in different browsers, I
continued my research and found many new vulnerabilities in browsers,
which I called by the general name DoS via protocol handlers, to which the
previous DoS attack via the mailto handler also belongs.

Now I'm informing you about DoS in different browsers via the news and nntp
protocols. These Denial of Service vulnerabilities belong to the types
(http://websecurity.com.ua/2550/) blocking DoS and resource consumption
DoS. These attacks can be conducted both with JS and without it (by
creating a page with a large quantity of iframes).


DoS:

http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit2.html

This exploit for the news protocol works in Mozilla Firefox 3.0.19 (and
besides previous versions, it must work in 3.5.x and 3.6.x), Internet
Explorer 6 (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google
Chrome 1.0.154.48 and Opera 9.52.


In all the mentioned browsers, blocking and overloading of the system occurs
from the starting of Opera, which appeared as the news client on my
computer, and IE8 crashes (on a computer without Opera). And in Opera the
attack proceeds without blocking, with only resource consumption (more
slowly than in other browsers).


http://websecurity.com.ua/uploads/2010/Firefox,%20IE%20&%20Opera%20DoS%20Exploit.html

This exploit for the nntp protocol works in Mozilla Firefox 3.0.19 (and
besides previous versions, it must work in 3.5.x and 3.6.x), Internet
Explorer 6 (6.0.2900.2180) and Opera 9.52.

In all the mentioned browsers, blocking and overloading of the system occurs
from the starting of Opera, which appeared as the nntp client on my
computer. In IE8 the attack didn't work - possibly because on that computer
there was no nntp client, Opera in particular. And in Opera the attack
proceeds without blocking, with only resource consumption (more slowly than
in other browsers).


Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
