Date: Sat, 3 Jul 2010 23:18:07 -0600 From: Kurt Seifried <kurt@...fried.org> To: oss-security@...ts.openwall.com Subject: CVE request for browser IFRAME/file download DoS Denial of service in various browsers: http://seclists.org/fulldisclosure/2010/Jul/69 Basically it opens a lot of iframes that point to a file download/run location, you get endlessly spammed with run/save/cancel, in the case of affected web browsers they become non-responsive and you need to kill them using task manager/etc. Affected Firefox 3.6.4 IE 8 Safari 5.0 (7533.16) Not affected: Chrome 5/6 Opera 10 -- Kurt Seifried kurt@...fried.org tel: 1-703-879-3176
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.