[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Firefox 1.5.0.3 - DoS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Firefox 1.5.0.3 - DoS
From: Flavio Visentin <THe_ZiPMaN@xxxxxxxxx>
Date: Thu, 11 May 2006 01:09:21 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

p4.werterxyz@xxxxxxxxx wrote:
> test2:
> http://werterxyz.altervista.org/test2.html
> http://geocities.com/werterxyz/test2.html

* Mozilla claims this is a security bug with normal severity.
https://bugzilla.mozilla.org/show_bug.cgi?id=334341

* Secunia classify this as a not critical security bybass.
http://secunia.com/advisories/19698/

* Some days ago yesn@xxxxxxxx claimed that this was a "code execution
exploit". (LOL)

* Now this guy claims this is a "Denial of Service". (ROTFL)

Maybe someone should explain this people which is the differences
between a security threat, an application bug, and an expected behaviour.

This is a DoS as the following.

I found a new denial of service vulnerability in Windows CMD.EXE that
affects all Windows versions that have the CMD.EXE executable.
The user must execute a new shell and write this text followed by the
Enter button:

for /l %i in (1,1,10000) do explorer.exe

- --
Flavio Visentin
GPG Key: http://www.zipman.it/gpgkey.asc

There are only 10 types of people in this world:
those who understand binary, and those who don't.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEYnKhusUmHkh1cnoRAiHcAJ0aA9n+kFBSuP3De6zdZBDTwBI+YgCeI3fb
n2QLWmC7JxAwEmR+lPWcLIU=
=I+Iu
-----END PGP SIGNATURE-----

References:
- Firefox 1.5.0.3 - DoS
  - From: p4 . werterxyz

Prev by Date: Dovecot IMAP: Mailbox names list disclosure with mboxes
Next by Date: Several flaws in e-business designer (eBD)
Previous by thread: Re: Firefox 1.5.0.3 - DoS
Next by thread: Re: Firefox 1.5.0.3 - DoS
Index(es):
- Date
- Thread