oss-security - Re: CVE request for browser IFRAME/file download DoS

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <814193225.2088351278443278066.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Tue, 6 Jul 2010 15:07:58 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request for browser IFRAME/file download DoS

This is more complicated than I wish to deal with. I'm going to defer this
one to MITRE.

Thanks.

-- 
    JB


----- "Kurt Seifried" <kurt@...fried.org> wrote:

> Denial of service in various browsers:
> 
> http://seclists.org/fulldisclosure/2010/Jul/69
> 
> Basically it opens a lot of iframes that point to a file download/run
> location, you get endlessly spammed with run/save/cancel, in the case
> of affected web browsers they become non-responsive and you need to
> kill them using task manager/etc.
> 
> Affected
> Firefox 3.6.4
> IE 8
> Safari 5.0 (7533.16)
> 
> Not affected:
> Chrome 5/6
> Opera 10
> 
> -- 
> Kurt Seifried
> kurt@...fried.org
> tel: 1-703-879-3176

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.