Full Disclosure mailing list archives
Re: Apple Safari ... DoS Vulnerability
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 03 Mar 2009 15:28:17 +1300
Chris Evans to Thierry Zoller:
> > Example: If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack but with ridiculously low impact to the end-user as it only crashes the tab it was subjected to, and not the whole browser or operating system. But the fact remains that this was the impact of a DoS condition, the tab crashes arbitrarily.
>
> Eh? If you visit www.evil.com and your tab crashes, that's no different from www.evil.com closing its own tab with Javascript.

But what if www.evil.com has run an injection attack of some kind (SQL, XSS in blog comments, etc, etc) against www.stupid.com? Visitors to stupid.com then suffer a DoS...

Yes, stupid.com should run their site better, fix their myriad XSS holes, etc, etc. But this is the Internet, so this "software flaw" can be leveraged as a security vulnerability.

I'm with Thierry on this...

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/