Re: DoS attacks on email clients via protocol handlers

[Eduardo Vela <sirdarckcat () gmail com>]

errr/
So that attack could allow
an attacker to annoy millions of people with email client popups when
they receive
an email/visit facebook.

it's important to note that the attack was in a redirection, so it's
asuming the website ensured that the starting URL was https?://

-- Eduardo




On Sat, Jun 12, 2010 at 6:00 PM, Eduardo Vela <sirdarckcat () gmail com> wrote:
> MustLive
>
> Since I saw you mentioned
> http://www.mozilla.org/security/announce/2010/mfsa2010-23.html I think
> it would be important for you to know the difference between that
> vulnerability and yours.
>
> The reason that was fixed, was because it's generally considered safe
> to embed images pointing off site, and is acceptable to consider it's
> generally safe (with a few exceptions like referrer leaking, and basic
> auth prompts), and a lot of websites, and online applications, like
> gmail, or facebook to mention a few do it. So that attack could allow
> an attacker to annoy millions of people with iframes when they receive
> an email/visit facebook.
>
> That was considered risky enough to make a fix, but still was
> considered low risk.
>
> All of your attacks with URI schemes are not exploitable this way, and
> are completely useless for that matter, I would recommend you to think
> "could this attack be exploited in mass? would it make people loss
> money/time?" before making more of those advisories.
>
> Greetings
>
> -- Eduardo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/