Full Disclosure mailing list archives
Re: DoS vulnerability in Mozilla Firefox
From: "MustLive" <mustlive () websecurity com ua>
Date: Wed, 30 Sep 2009 02:43:07 +0300
Hello YGN Ethical Hacker Group!
Thanks, MustLive for utilizing pkcs.
You are welcome.
From the way you did, one idea is to go through the bug zilla list and test the different way that firefox developers still need to fill the gap of security.
Yes, it's quite possible way to find new holes (particularly DoS) in Firefox at places of other holes. I have found some DoS holes in Firefox (and other browsers) when was analyzing other holes (found by other security researchers). Like in case of the vulnerability in pkcs11.addmodule by Dan Kaminsky, or like in case of these DoS vulnerabilities in Mozilla Firefox, Internet Explorer and Chrome (http://websecurity.com.ua/3424/) or these DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome (http://websecurity.com.ua/3338/). And I already wrote about many of blocking DoS holes in different browsers (Firefox, IE and others). One of the most well-known blocking DoS, which you can know - it's DoS via expression in styles in IE (http://websecurity.com.ua/2484/). And I'll write about new blocking DoS holes in browsers. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ----- Original Message ----- From: YGN Ethical Hacker Group (http://yehg.net) To: MustLive Cc: full-disclosure () lists grok org uk Sent: Monday, September 21, 2009 2:09 PM Subject: Re: [Full-disclosure] DoS vulnerability in Mozilla Firefox Thanks, MustLive for utilizing pkcs. We still need to dig deeper into the source of firefox. On Mon, Sep 21, 2009 at 3:29 AM, MustLive <mustlive () websecurity com ua> wrote: Hello Full-Disclosure! This is my second letter to this list. Like in case of my previous letter to this list, I already sent this letter to Bugtraq (at 15th of September), but they declined to post it without any explanation (which is becoming tradition for them :-), earlier moderator at least wrote explanations, but now he has a "words crisis"). I hope with Full-Disclosure list everything will be much better. Insignificancy of Bugtraq forces me to look at this list. When I read description of this list at seclists.org, before writing of my first letter, I found it less nice then Bugtraq's description. But I'll try to contribute my share to change situation with list's image and we'll see who is #1 security list ;-). I want to warn you about Denial of Service vulnerability in Mozilla Firefox. Attack is based on idea of using of pkcs11.addmodule by Dan Kaminsky. Attack belongs to type of blocking DoS (http://websecurity.com.ua/2550/). I wrote already about blocking DoS vulnerabilities and it's new one. DoS: http://websecurity.com.ua/uploads/2009/Firefox%20DoS%20Exploit2.html With the exploit Firefox blocks. Vulnerable are all versions of Mozilla and Mozilla Firefox 3.0.13 and previous versions. I mentioned about this vulnerability at my site (http://websecurity.com.ua/3500/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DoS vulnerability in Mozilla Firefox MustLive (Sep 21)
- Re: DoS vulnerability in Mozilla Firefox YGN Ethical Hacker Group (http://yehg.net) (Sep 21)
- Re: DoS vulnerability in Mozilla Firefox MustLive (Sep 30)
- Re: DoS vulnerability in Mozilla Firefox YGN Ethical Hacker Group (http://yehg.net) (Sep 21)