oss-sec mailing list archives

Re: browser document.cookie DoS vulnerability


From: cve-assign () mitre org
Date: Tue, 15 Oct 2013 11:29:05 -0400 (EDT)

> I don't think web browser DoSes are supposed to be CVE worthy.

A complete crash of a typical web browser is currently always eligible
for a CVE assignment from MITRE. This, of course, doesn't mean that a
Red Hat Security Advisory would necessarily be published for that
issue alone. It also doesn't mean that browser vendors actively
request CVE assignments for all such issues.

An example where a CVE assignment isn't made is a clean crash (no
memory corruption) of a single process associated with browsing a
single web site, i.e., a "tab crash" in some browsers. This might be
caused by a malicious web site that triggers a divide by zero. In that
situation, it's generally not possible for the crash to disrupt the
end user's ongoing work.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

