3 Mar 2009 04:29
Re: Apple Safari ... DoS Vulnerability
<bobby.mugabe <at> hushmail.com>
2009-03-03 03:29:39 GMT
Dear Nick,

You and Thierry Loller are wrong.

-bm

On Mon, 02 Mar 2009 21:28:17 -0500 Nick FitzGerald <nick <at> virus-l.demon.co.uk> wrote:
>Chris Evans to Thierry Zoller:
>
>> > Example
>> > If a chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
>> > but with ridiculously low impact to the end-user as it only crashes the tab
>> > it was subjected to, and not the whole browser or operation system.
>> > But the fact remains that this was the impact of a DoS condition,
>> > the tab crashes arbitrarily.
>>
>> Eh? If you visit www.evil.com and your tab crashes, that's no
>> different from www.evil.com closing its own tab with Javascript.
>
>But what if www.evil.com has run an injection attack of some kind (SQL,
>XSS in blog comments, etc, etc) against www.stupid.com?
>
>Visitors to stupid.com then suffer a DoS...
>
>Yes, stupid.com should run their site better, fix their myriad XSS holes,
>etc, etc.
>
>But this is the Internet, so this "software flaw" can be leveraged as
>a security vulnerability.
>
>I'm with Thierry on this...
>
>
>Regards,
>
>Nick FitzGerald
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/