Nokia Browser Array Sort Denial Of Service Vulnerability



====================================================
Security Research Advisory

Vulnerability name: Nokia Browser Array Sort Denial Of Service Vulnerability
Advisory number: LC-2008-04
Advisory URL: http://www.ikkisoft.com

====================================================
1) Affected Software

* Nokia Mini Map Browser (S60WebKit <= 21772)

The tested device has the following User-Agent:
Mozilla/5.0 (SymbianOS/9.2;U;Series60/3.1 NokiaE90-1/210.34.75
Profile/MIDP-2.0 Configuration/CLDC-1.1) AppleWebKit/413 (KHTML)
Safari/413

Note: Although the Nokia Web Browser is built upon a port of the
open source WebKit used by Apple for its browser, the iPhone is not
affected (at least the iPhone firmware version 2.0.2(5C1))

====================================================
2) Severity

Severity: Low
Local/Remote: Remote

====================================================
3) Summary

The Web Browser for S60 (formerly called Nokia Mini Map Browser) is a web
browser for the S60 mobile phone platform developed by Nokia.
It is built upon S60WebKit, a port of the open source WebKit project to the S60
platform. According to several sources, the S60 software on Symbian OS is the
world's most popular software for smartphones.

This version of the Nokia Mini Map Browser does not properly validate JavaScript
input embedded in visited HTML pages. An attacker can easily trigger a denial of
service.

References:
http://opensource.nokia.com/projects/S60browser/
http://en.wikipedia.org/wiki/Web_Browser_for_S60

====================================================
4) Vulnerability Details

The Nokia Mini Map Browser is prone to a vulnerability that may result in a
silent crash of the application. Arbitrary code execution is probably not possible.
The problem arises in the JavaScript core of S60WebKit when the sort()
function is invoked on a recursive array.
Similar behavior was observed some years ago in several browsers due to
the common code base (BID-12331, BID-11762, BID-11760, BID-11759,
BID-11752).
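
Added example, not part of the original advisory and not S60WebKit code: a cycle guard of the kind a string-based default sort needs when an array contains itself. The advisory does not state the root cause; this sketch assumes unbounded recursion while elements are converted to strings for comparison, and all function names are hypothetical.

```javascript
// Assumption: the default sort compares elements by their string form, and
// an array's string form is built by joining the string forms of its elements.

// Unguarded conversion: recurses without end when an array contains itself.
function naiveToString(value) {
  if (value === undefined || value === null) return "";
  if (!Array.isArray(value)) return String(value);
  return value.map((v) => naiveToString(v)).join(",");
}

// Guarded conversion: `active` holds the arrays currently being joined.
function safeToString(value, active = new Set()) {
  if (value === undefined || value === null) return "";
  if (!Array.isArray(value)) return String(value);
  if (active.has(value)) return ""; // cycle: contribute nothing, stop here
  active.add(value);
  try {
    return value.map((v) => safeToString(v, active)).join(",");
  } finally {
    active.delete(value); // the same array may still appear in a sibling slot
  }
}

// Sort a copy of `arr` by guarded string keys, in code-unit order.
function safeSort(arr) {
  return arr
    .map((v) => ({ v, key: safeToString(v) }))
    .sort((a, b) => (a.key < b.key ? -1 : a.key > b.key ? 1 : 0))
    .map((entry) => entry.v);
}

// Constructed input: an array that holds a reference to itself.
function makeRecursiveArray() {
  const a = ["b", "a"];
  a.push(a);
  return a;
}

// True when fn(input) exhausts the call stack.
function overflows(fn, input) {
  try {
    fn(input);
    return false;
  } catch (e) {
    return e instanceof RangeError;
  }
}
```

On a current desktop engine the unguarded conversion ends in a catchable RangeError rather than the silent application crash reported above.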

====================================================
5) Exploit

Embed in an HTML page the following JavaScript:


====================================================
6) Fix Information

n/a

====================================================
7) Time Table

08/09/2008 - Vendor notified.
15/09/2008 - Vendor response.
??/??/???? - Vendor patch release.
10/10/2008 - Public disclosure.

====================================================
8) Credits

Discovered by Luca Carettoni - luca.carettoni[at]ikkisoft[dot]com

====================================================
9) Legal Notices

The information in the advisory is believed to be accurate at the time of
publishing based on currently available information.
This information is provided as-is, as a free service to the community.
There are no warranties with regard to this information.
The author does not accept any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
Permission is hereby granted for the redistribution of this alert, provided
that the content is not altered in any way, except reformatting, and that due
credit is given.

This vulnerability has been disclosed in accordance with the RFP
Full-Disclosure Policy v2.0, available at:
http://www.wiretrip.net/rfp/policy.html

====================================================