oss-sec mailing list archives

CVE request for browser IFRAME/file download DoS

From: Kurt Seifried <kurt () seifried org>
Date: Sat, 3 Jul 2010 23:18:07 -0600

Denial of service in various browsers:

http://seclists.org/fulldisclosure/2010/Jul/69

Basically it opens a lot of iframes that point to a file download/run
location, you get endlessly spammed with run/save/cancel, in the case
of affected web browsers they become non-responsive and you need to
kill them using task manager/etc.

Affected
Firefox 3.6.4
IE 8
Safari 5.0 (7533.16)

Not affected:
Chrome 5/6
Opera 10

-- 
Kurt Seifried
kurt () seifried org
tel: 1-703-879-3176

Current thread:

CVE request for browser IFRAME/file download DoS Kurt Seifried (Jul 04)
- Re: CVE request for browser IFRAME/file download DoS Josh Bressers (Jul 06)