'Re: [Full-disclosure] DoS vulnerability in Mozilla Firefox'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] DoS vulnerability in Mozilla Firefox
From:       "MustLive" <mustlive () websecurity ! com ! ua>
Date:       2009-09-29 23:43:07
Message-ID: 011901ca415e$bf1cafe0$010000c0 () ml
[Download RAW message or body]

Hello YGN Ethical Hacker Group!

> Thanks, MustLive for utilizing pkcs.

You are welcome.

> From the way you did, one idea is to go through the bug zilla list and 
> test the different way that firefox developers still need to fill the gap 
> of security.

Yes, it's quite possible way to find new holes (particularly DoS) in Firefox 
at places of other holes. I have found some DoS holes in Firefox (and other 
browsers) when was analyzing other holes (found by other security 
researchers). Like in case of the vulnerability in pkcs11.addmodule by Dan 
Kaminsky, or like in case of these DoS vulnerabilities in Mozilla Firefox, 
Internet Explorer and Chrome (http://websecurity.com.ua/3424/) or these DoS 
vulnerabilities in Firefox, Internet Explorer, Opera and Chrome 
(http://websecurity.com.ua/3338/).

And I already wrote about many of blocking DoS holes in different browsers 
(Firefox, IE and others). One of the most well-known blocking DoS, which you 
can know - it's DoS via expression in styles in IE 
(http://websecurity.com.ua/2484/). And I'll write about new blocking DoS 
holes in browsers.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: YGN Ethical Hacker Group (http://yehg.net)
To: MustLive
Cc: full-disclosure@lists.grok.org.uk
Sent: Monday, September 21, 2009 2:09 PM
Subject: Re: [Full-disclosure] DoS vulnerability in Mozilla Firefox



Thanks, MustLive for utilizing pkcs.
We still need to dig deeper into the source of firefox.




On Mon, Sep 21, 2009 at 3:29 AM, MustLive <mustlive@websecurity.com.ua> 
wrote:

Hello Full-Disclosure!

This is my second letter to this list.

Like in case of my previous letter to this list, I already sent this letter
to Bugtraq (at 15th of September), but they declined to post it without any
explanation (which is becoming tradition for them :-), earlier moderator at
least wrote explanations, but now he has a "words crisis"). I hope with
Full-Disclosure list everything will be much better. Insignificancy of
Bugtraq forces me to look at this list. When I read description of this list
at seclists.org, before writing of my first letter, I found it less nice
then Bugtraq's description. But I'll try to contribute my share to change
situation with list's image and we'll see who is #1 security list ;-).

I want to warn you about Denial of Service vulnerability in Mozilla Firefox.

Attack is based on idea of using of pkcs11.addmodule by Dan Kaminsky. Attack
belongs to type of blocking DoS (http://websecurity.com.ua/2550/). I wrote
already about blocking DoS vulnerabilities and it's new one.

DoS:

http://websecurity.com.ua/uploads/2009/Firefox%20DoS%20Exploit2.html

With the exploit Firefox blocks.

Vulnerable are all versions of Mozilla and Mozilla Firefox 3.0.13 and
previous versions.

I mentioned about this vulnerability at my site
(http://websecurity.com.ua/3500/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic