|
Hello Bugtraq!
I want to warn you about Denial of Service vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera. Which belong to type of DoS via
protocol handlers. Earlier I already wrote about DoS vulnerabilities in
Firefox, Internet Explorer, Chrome and Opera and DoS attacks on email
clients via protocol handlers. This new advisory will show you the situation
of browsers behavior with other protocol handlers.
All those who doubt that these DoS vulnerabilities in browsers and email
clients are security vulnerabilities, must read my first advisory on this
topic (http://www.securityfocus.com/archive/1/511327/30/0/threaded). Where I
mentioned about Mozilla's MFSA 2010-23
(http://www.mozilla.org/security/announce/2010/mfsa2010-23.html), for which
created CVE-2010-0181
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181). If they
consider img with mailto (via redirect) as vulnerability, then iframes with
different protocols is indeed vulnerability (in browsers and email clients).
-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4283/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Google Chrome,
Opera.
-----------------------------
Timeline:
26.05.2010 - found vulnerabilities.
26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
12.06.2010 - disclosed at my site.
-----------------------------
Details:
Now I'm informing about DoS in different browsers via protocols chrome, wmk
and outlook. Attacks via mail clients are also possible, as I wrote about in
corresponding advisory. These Denial of Service vulnerabilities belong to
type (http://websecurity.com.ua/2550/) blocking DoS and resources
consumption DoS. These attacks can be conducted as with using JS, as without
it (via creating of a page with large quantity of iframes).
DoS:
http://websecurity.com.ua/uploads/2010/Chrome%20&%20Opera%20DoS%20Exploit.html
This exploit for chrome protocol works in Google Chrome 1.0.154.48 and Opera
9.52.
In Chrome occurs blocking of the browser. And in Opera occurs resources
consumption (CPU and memory).
http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit4.html
This exploit for wmk protocol works in Mozilla Firefox 3.0.19 (and besides
previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6
(6.0.2900.2180), Google Chrome 1.0.154.48 and Opera 9.52.
For work of exploit the WebMoney Keeper Classic must be installed. In
browsers Firefox and IE occurs blocking and overloading of the system from
starting of WebMoney Keeper (also must work in IE8, but there was no
WebMoney Keeper at the computer with IE8 to check it). In Chrome occurs
blocking of the browser. And in Opera the attack is going without blocking,
only resources consumption (more slowly then in other browsers).
http://websecurity.com.ua/uploads/2010/Firefox,%20IE,%20Chrome%20&%20Opera%20DoS%20Exploit5.html
This exploit for outlook protocol works in Mozilla Firefox 3.0.19 (and
besides previous versions, it must work in 3.5.x and 3.6.x), Internet
Explorer 6 (6.0.2900.2180), Google Chrome 1.0.154.48 and Opera 9.52.
For work of exploit the Microsoft Outlook must be installed. In browsers
Firefox and IE occurs blocking and overloading of the system from starting
of Outlook (doesn't work in IE8). At that, if to allow automatic start of
the program handler of this protocol in Firefox, by setting checkbox, then
insead of blocking of the browser, there will be blocking and overloading of
the system (as in occurs in IE). In Chrome occurs blocking of the browser.
And in Opera the attack is going without blocking, only resources
consumption (more slowly then in other browsers). If there is no Outlook at
the computer, then in Firefox occurs blocking of the browser, and in IE and
Opera occurs resources consumption.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua