Re: Nokia N95-8 browser denial of service

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: Nokia N95-8 browser denial of service
From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>
Date: Sun, 1 Mar 2009 01:23:08 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Websecurity
Reply-to: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>

Hello Thierry!

About your message concerning crash in Firefox 3.0.6(http://securityvulns.ru/Vdocument307.html). Which has similar DoSvulnerability as Nokia N95-8 browser.

Some time ago I read your message and also checked Firefox 3.0.6 andconfirmed the crash in it. What I can tell you about this hole.

In the beginning of September 2008 I already wrote about such DoSvulnerability in Mozilla Firefox (http://websecurity.com.ua/2421/). Whichleads to that after running of the exploit the browser begun taking 100% ofCPU resources and freezes.

The attack was based on using nested marquee tags (this hole was alreadyfound in Firefox 1.0 and 1.5). Vulnerable were Mozilla Firefox 3.0.1 andprevious versions. This vulnerability was first publicly disclosed DoS inFirefox 3. My exploit don't use JavaScript (as Juan's exploit), just onlyuse HTML. For attacking purposes it's better to use plain HTML exploit,which allows to bypass such protections as turning off JavaScript or usingaddons like NoScript.

I informed Mozilla about this hole (on email) and published it at Bugzilla(https://bugzilla.mozilla.org/show_bug.cgi?id=454434). But Mozillacompletely ignored it (as all other vulnerabilities, which I informed themabout in 2007, 2008 and 2009 years). For example last hole in Firefox 3,which I disclosed 13.02.2009 (and informed Mozilla) was Charset Inheritancevulnerability in Mozilla Firefox 3 (http://websecurity.com.ua/2879/) - andthey even didn't answered me yet about it. For example, when I informedGoogle about Charset Inheritance vulnerability in Google Chrome(http://websecurity.com.ua/2844/), they quickly answered me - that theydecided to not fix it (but still not ignored letter like Mozilla).

In September 2009 DoS vulnerability in SeaMonkey was found(http://websecurity.com.ua/2820/), which uses the same attack (onmarquee-vulnerability which was ignored by Mozilla). But unlike FF,SeaMonkey crashes - this is already another type of DoS vulnerabilities inbrowser (http://websecurity.com.ua/2550/). And in February you found thatlast version of Firefox also crashes.

So Mozilla not only didn't fix the vulnerability, which I found in Firefox3.0.1 (and which was known yet in FF1), but even strengthened it in lastversions of the browser. They altered it from resources consumption DoS tocrashing DoS. This situation similar to Charset Inheritance vulnerability inMozilla Firefox 3, which wasn't in Firefox 3.0.1 and previous versions(after fix in 2007), but which Mozilla "added" in Firefox from version3.0.2.


Best wishes & regards,
MustLive
Administrator of Websecurity web site

http://websecurity.com.ua

Prev by Date: Afian Document Manager Local File Inclusion
Next by Date: Weekly Web Hacking Incidents update for Feb 25th
Previous by thread: Re: Nokia N95-8 browser denial of service
Next by thread: C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities
Index(es):
- Date
- Thread