Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 6 Jul 2010 15:07:58 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request for browser IFRAME/file download DoS

This is more complicated than I wish to deal with. I'm going to defer this
one to MITRE.

Thanks.

-- 
    JB


----- "Kurt Seifried" <kurt@...fried.org> wrote:

> Denial of service in various browsers:
> 
> http://seclists.org/fulldisclosure/2010/Jul/69
> 
> Basically it opens a lot of iframes that point to a file download/run
> location, you get endlessly spammed with run/save/cancel, in the case
> of affected web browsers they become non-responsive and you need to
> kill them using task manager/etc.
> 
> Affected
> Firefox 3.6.4
> IE 8
> Safari 5.0 (7533.16)
> 
> Not affected:
> Chrome 5/6
> Opera 10
> 
> -- 
> Kurt Seifried
> kurt@...fried.org
> tel: 1-703-879-3176

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.