[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] safari dos

To: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Subject: [Full-Disclosure] safari dos
From: "kang@insecure.ws" <kang@insecure.ws>
Date: Sat, 22 Nov 2003 01:58:21 +0100

Original is here: http://www.insecure.ws/article.php?story=20031122012748282

Safari will never exit a loop in javascript. Since javascript isn't executed in a thread, this cause a DoS (Safari crashes). Firebird has been tested and is not vulnerable. I don't know about other browers on MacOSX, but they are probably not vulnerable. (OmniWeb?)

/As usual, read more for exploit/explanation/

----------

|Adv: safari_0x02
Release Date: 22/11/03
Affected Products: Safari =< 1.1.1
Impact: Denial of Service
Severity: Remote, low
Author: kang, kang@insecure.ws
|

A very simple javascript block like this one:

while (true)
{ document.location "sherlock://com.apple.movies?" }

is enought to lock up Safari, effectivly DoSing it. Notice that you must call a protocol helper in the loop, here I'm calling Sherlock. Otherwise, the loop is aborted and Safari functions normally. There is no fix available yet. Vendor has been informed.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] safari dos
  - From: Christian Horchert <chorchert@veedev.de>
- Re: [Full-Disclosure] safari dos
  - From: Christian Horchert <chorchert@veedev.de>
- Re: [Full-Disclosure] safari dos
  - From: "Grant Husbands" <fulldisclosure@grant.x43.net>

Prev by Date: [Full-Disclosure] windowsupdate.microsoft.com limits on how many times a computer can access it
Next by Date: Re: [Full-Disclosure] automated vulnerability testing
Previous by thread: Re: [Full-Disclosure] yet another panic() in OpenBSD
Next by thread: Re: [Full-Disclosure] safari dos
Index(es):
- Date
- Thread