oss-sec mailing list archives
Re: browser document.cookie DoS vulnerability
From: cve-assign () mitre org
Date: Tue, 15 Oct 2013 11:29:05 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I don't think web browser dos's are suppose to be CVE worthy.
A complete crash of a typical web browser is currently always eligible for a CVE assignment from MITRE. This, of course, doesn't mean that a Red Hat Security Advisory would necessarily be published for that issue alone. It also doesn't mean that browser vendors actively request CVE assignments for all such issues. An example where a CVE assignment isn't made is a clean crash (no memory corruption) of a single process associated with browsing a single web site, i.e., a "tab crash" in some browsers. This might be caused by a malicious web site that triggers a divide by zero. In that situation, it's generally not possible for the crash to disrupt the end user's ongoing work. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJSXV7PAAoJEKllVAevmvmsWPUIALwIMM3/pNTrK38DJju3vrjW qzmGXHlpCL2tjfYbElDuUmWhhop25VGGj1cNVCmaE3CQreuAHZZRiY3ahxpBXBwk A0pFVghcti85o+/QX/kXH8yLi3+LhXHYGrw4pt5BX15TDCp6dttKiSlulMQLgPzU ZhkfgEkge+Bt6vgBUOTB/128E6ZJu9CUUbXXmBPgCjLLgWNqVoL7AIojkvv6kfIp KyNmrBK4wFa4oWFckwIoECV/eVmRb9lwYP1y8sXEOQUgjd+OtcEw8JKec4UWMX1Q WRKel7tbKMp6SWparXMiZ2S5RNizV/7E9HWzzPddntaFyy15PNPSYKnpbMRa5rk= =M7qf -----END PGP SIGNATURE-----
Current thread:
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 10)
- Re: Re: browser document.cookie DoS vulnerability aaron guzman (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Joel Weinberger (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Murray McAllister (Oct 14)
- Re: browser document.cookie DoS vulnerability cve-assign (Oct 15)
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 11)
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Oct 15)
- Re: browser document.cookie DoS vulnerability cve-assign (Oct 16)
- Re: browser document.cookie DoS vulnerability cve-assign (Oct 17)
- Re: browser document.cookie DoS vulnerability Mozilla Security (Oct 17)