[Full-disclosure] DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera



Hello Full-Disclosure!

I want to warn you about Denial of Service vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera, which belong to the class of DoS via
protocol handlers. Earlier I wrote about DoS vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera and DoS attacks on email clients via
protocol handlers. This new advisory shows how browsers behave with other
protocol handlers.

Anyone who doubts that these DoS vulnerabilities in browsers and email
clients are security vulnerabilities should read my first advisory on this
topic (http://www.securityfocus.com/archive/1/511327/30/0/threaded), where I
mentioned Mozilla's MFSA 2010-23
(http://www.mozilla.org/security/announce/2010/mfsa2010-23.html), for which
CVE-2010-0181
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181) was created.
If they consider img with mailto (via redirect) a vulnerability, then
iframes with different protocols are indeed a vulnerability (in browsers and
email clients).

-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4283/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Google Chrome,
Opera.
-----------------------------
Timeline:

26.05.2010 - found vulnerabilities.
26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
12.06.2010 - disclosed at my site.
-----------------------------
Details:

Now I'm reporting DoS in different browsers via the chrome, wmk and outlook
protocols. Attacks via mail clients are also possible, as I wrote in the
corresponding advisory. These Denial of Service vulnerabilities belong to
the types (http://websecurity.com.ua/2550/) blocking DoS and resource
consumption DoS. These attacks can be conducted either with JS or without
it (by creating a page with a large number of iframes).

DoS:

http://websecurity.com.ua/uploads/2010/Chrome%20&%20Opera%20DoS%20Exploit.html

This exploit for the chrome protocol works in Google Chrome 1.0.154.48 and
Opera 9.52.

In Chrome the browser is blocked. In Opera resource consumption (CPU and
memory) occurs.

http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit4.html

This exploit for the wmk protocol works in Mozilla Firefox 3.0.19 (and,
besides previous versions, it must work in 3.5.x and 3.6.x), Internet
Explorer 6 (6.0.2900.2180), Google Chrome 1.0.154.48 and Opera 9.52.

For the exploit to work, WebMoney Keeper Classic must be installed. In
Firefox and IE, starting WebMoney Keeper blocks and overloads the system
(it must also work in IE8, but there was no WebMoney Keeper on the computer
with IE8 to check it). In Chrome the browser is blocked. In Opera the attack
proceeds without blocking, with only resource consumption (more slowly than
in other browsers).

http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit5.html

This exploit for the outlook protocol works in Mozilla Firefox 3.0.19 (and,
besides previous versions, it must work in 3.5.x and 3.6.x), Internet
Explorer 6 (6.0.2900.2180), Google Chrome 1.0.154.48 and Opera 9.52.

For the exploit to work, Microsoft Outlook must be installed. In Firefox and
IE, starting Outlook blocks and overloads the system (doesn't work in IE8).
Moreover, if automatic start of the handler program for this protocol is
allowed in Firefox, by setting the checkbox, then instead of blocking of the
browser there will be blocking and overloading of the system (as occurs in
IE). In Chrome the browser is blocked. In Opera the attack proceeds without
blocking, with only resource consumption (more slowly than in other
browsers). If there is no Outlook on the computer, then in Firefox the
browser is blocked, and in IE and Opera resource consumption occurs.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
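
Added example, not part of the original post: a static check that a mail gateway or web proxy could run on HTML to count auto-loading tags (iframe, img and similar) whose URL uses a scheme handled outside the browser, the pattern the advisory describes. The scheme allow-list, the threshold and the sample markup are assumptions constructed for illustration; the check does not see iframes created by script at run time.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: schemes the browser renders itself; any other scheme in an
# embedding tag is passed to a protocol handler.
IN_BROWSER = {"", "http", "https", "data", "blob", "about", "javascript"}
# Tags that fetch a URL without user action, and the attribute holding it.
EMBED_ATTR = {"iframe": "src", "frame": "src", "img": "src",
              "embed": "src", "object": "data"}


class HandlerEmbedCounter(HTMLParser):
    """Counts auto-loaded URLs per non-web scheme."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = Counter()

    def handle_starttag(self, tag, attrs):
        wanted = EMBED_ATTR.get(tag)  # None for tags we do not track
        for name, value in attrs:
            if name == wanted and value:
                scheme = urlsplit(value.strip()).scheme.lower()
                if scheme not in IN_BROWSER:
                    self.hits[scheme] += 1


def scan(html, threshold=3):
    """Return (all hits, schemes embedded at least `threshold` times)."""
    parser = HandlerEmbedCounter()
    parser.feed(html)
    parser.close()
    hits = dict(parser.hits)
    return hits, {s: n for s, n in hits.items() if n >= threshold}


# Constructed samples; "placeholder" is not a real handler argument.
SUSPECT = "".join(['<iframe src="wmk:placeholder"></iframe>'] * 4 + [
    '<IFRAME SRC="outlook:placeholder"></IFRAME>',
    '<img src="mailto:user@example.invalid"/>',
    '<iframe src="https://example.invalid/"></iframe>'])
BENIGN = '<img src="/logo.png"><a href="mailto:user@example.invalid">mail</a>'

if __name__ == "__main__":
    for label, doc in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, scan(doc))
```

A plain `<a href="mailto:...">` link is not counted, because it only invokes the handler when the user clicks it.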


