Full Disclosure mailing list archives
safari dos
From: "kang () insecure ws" <kang () insecure ws>
Date: Sat, 22 Nov 2003 01:58:21 +0100
Original is here: http://www.insecure.ws/article.php?story=20031122012748282

Safari will never exit a loop in javascript. Since javascript isn't executed in a thread, this causes a DoS (Safari crashes). Firebird has been tested and is not vulnerable. I don't know about other browsers on MacOSX, but they are probably not vulnerable. (OmniWeb?)
/As usual, read more for exploit/explanation/
----------
Adv: safari_0x02
Release Date: 22/11/03
Affected Products: Safari =< 1.1.1
Impact: Denial of Service
Severity: Remote, low
Author: kang, kang () insecure ws

A very simple javascript block like this one:

    while (true)
    { document.location = "sherlock://com.apple.movies?" }

is enough to lock up Safari, effectively DoSing it.
Notice that you must call a protocol helper in the loop, here I'm
calling Sherlock. Otherwise, the loop is aborted and Safari functions
normally.
There is no fix available yet. Vendor has been informed.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
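
One way a browser could bound the behaviour reported above, as an added example that is not part of the original post and is not Safari's code: script-initiated navigations to external protocol helpers are budgeted per time window. The class name, the scheme list and the policy values (`maxLaunches`, `windowMs`) are assumptions made for illustration.

```javascript
// Added example: models a mitigation policy, not any vendor's actual fix.
// Schemes the browser renders itself (assumed list); everything else is
// treated as a hand-off to an external protocol helper such as sherlock:.
const INTERNAL_SCHEMES = new Set(["http:", "https:", "about:", "data:", "blob:"]);

class ExternalSchemeGate {
  // maxLaunches and windowMs are hypothetical policy values.
  constructor({ maxLaunches = 1, windowMs = 5000 } = {}) {
    this.maxLaunches = maxLaunches;
    this.windowMs = windowMs;
    this.launches = []; // timestamps (ms) of helper launches that were allowed
    this.blocked = 0;   // launches refused, useful as a telemetry signal
  }

  // Returns "navigate" (handled in-browser), "launch" (handed to a helper)
  // or "block" (budget exhausted or target unparseable).
  decide(url, nowMs, userGesture = false) {
    let scheme;
    try {
      scheme = new URL(url).protocol;
    } catch {
      return "block";
    }
    if (INTERNAL_SCHEMES.has(scheme)) return "navigate";
    // Forget launches that have aged out of the sliding window.
    this.launches = this.launches.filter((t) => nowMs - t < this.windowMs);
    if (userGesture || this.launches.length < this.maxLaunches) {
      this.launches.push(nowMs);
      return "launch";
    }
    this.blocked += 1;
    return "block";
  }
}

// Replays a bounded number of script-initiated navigations, stepMs apart,
// and tallies the gate's decisions (constructed input, no real navigation).
function simulateLoop(gate, url, iterations, stepMs) {
  const counts = { navigate: 0, launch: 0, block: 0 };
  for (let i = 0; i < iterations; i++) {
    counts[gate.decide(url, i * stepMs)] += 1;
  }
  return counts;
}
```

A rising `blocked` counter for a single page is also a usable signal for logging a page that keeps re-invoking a helper from script.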
