Dear John Smith,

In the general case we are discussing, DoS may be caused by e.g. some combination of allowed tags/properties or by a malformed image. As was pointed out by the author, this attack may be performed with scripting disabled (with [iframe src=]). That's why the e-mail vector may be significant.

--Friday, May 28, 2010, 11:55:28 PM, you wrote to 3APA3A@xxxxxxxxxxxxxxxx:

JS> Point taken. But that'd be a non-issue on the browser's end as much as
JS> site's that is allowing the rogue scripts (or malformed ads, as per your
JS> example).

JS> The fork of this mail thread clearly explains what I'm talking about. The
JS> issue noted there is a simple DoS attack which every programming language
JS> and platform is vulnerable to. It's called the "infinite loop". It is not a
JS> 'security vulnerability' by itself and is completely agnostic of the uri
JS> handler (try http or anything instead of nntp).

JS> Here's the simplified JS version of it (let's call it the Universal DoS --
JS> yes, it'd work for every browser on the planet that can execute JS) -

JS> <script>
JS> while(1)alert('hello world');
JS> </script>

JS> Done!

JS> Workaround:
JS> None very intuitive. Maybe allow the user to terminate the script at every
JS> iteration? specific time period? etc...

JS> --------------------------------------------------
JS> From: "Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx>
JS> Sent: Friday, May 28, 2010 11:47 PM
JS> To: "John Smith" <at-x@xxxxxxxx>
JS> Cc: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>; "Susan Bradley"
JS> <sbradcpa@xxxxxxxxxxx>; <bugtraq@xxxxxxxxxxxxxxxxx>
JS> Subject: Re[2]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome,
JS> Opera and other browsers

>> Dear John Smith,
>>
>> Actually, browser DoS may be quite a serious vulnerability, depending on
>> the nature of the DoS. Think about e.g. a banner or content exchange network,
>> social networks, web boards, etc. where a browser vulnerability may be
>> used against a site or page because it will harm any visitors of this
>> site or page.
>>
>> In the case of this very vulnerability, the most serious impact may be from
>> the e-mail vector.
>>
>> --Friday, May 28, 2010, 7:07:50 PM, you wrote to
>> mustlive@xxxxxxxxxxxxxxxxxx:
>>
>> JS> Just a few cents - DoS in web browsers doesn't fall under the category of
>> JS> "vulnerabilities" rather more of "annoyances". Although I don't deny the
>> JS> fact that certain DoS attacks *may lead* or *may serve as hints* to other
>> JS> more serious exploits, but that's a different topic and with ASLR in the
>> JS> scene, a very grey area of discussion.
>>
>>
>>
>> --
>> Skype: Vladimir.Dubrovin
>> ~/ZARAZA http://securityvulns.com/
>> Shooting a second time, he crippled a bystander. The bystander was me.
>> (Twain)
>>
>>

--
Skype: Vladimir.Dubrovin
~/ZARAZA http://securityvulns.com/
The machine turned out to be capable of a single operation, namely multiplying 2x2, and even then it got it wrong. (Lem)