<<< Date Index >>>     <<< Thread Index >>>

Gmail/Gtalk web client DoS



Gmail/Gtalk web client DoS

Summary

It is trivial to freeze the browser of a known user who is currently using 
Gmail with the Gtalk feature enabled.  This could lead to a denial of service 
attack against any user of Gmail who is using the web client.

Technical Details

Gtalk within Gmail converts some incoming emoticons into animated gifs.  
Sending a large quantity at once will cause the recipient's browser to lock up 
until the message is fully converted.  With relatively few (100) emoticons, you 
can freeze a browser for a few minutes.  Larger quantities, or multiple 
messages could extend this time indefinitely.  If the Gmail web client is used 
to send the message, the sender's browser will also lock up.

The standalone Google Talk client for Windows does not suffer from this 
problem, and is the easiest way to send the messages to a target.  In theory, 
any properly configured Jabber client could be used.  Conceivably, modified 
Jabber clients could be configured to run a widespread DoS attack against 
active Gmail users at a low cost to the attacker, since the message size is 
small and requires little bandwidth. 

Known Affected Browsers:
Firefox 1.5.0.3
Internet Explorer 6.0
Internet Explorer 7.0 Beta 2
Seamonkey 1.0

Known Unaffected Browsers: 
Safari 1.3.2

Any browser which the Gtalk client does not run in will be unaffected.


Workaround

Disabling the Gtalk feature while using Gmail will protect a user, at the cost 
of the ability to chat.

Credits

Special thanks to Kevin Fleming for help research this issue.