[Full-disclosure] Apple Safari ... DoS Vulnerability
nick at virus-l.demon.co.uk
Tue Mar 3 02:28:17 GMT 2009
Chris Evans to Thierry Zoller:
> > Example
> > If a Chrome tab can be crashed arbitrarily (remotely) it is a DoS attack
> > but with ridiculously low impact to the end-user as it only crashes the tab
> > it was subjected to, and not the whole browser or operating system.
> > But the fact remains that this was the impact of a DoS condition,
> > the tab crashes arbitrarily.
> Eh? If you visit www.evil.com and your tab crashes, that's no
But what if www.evil.com has run an injection attack of some kind (SQL,
XSS in blog comments, etc, etc) against www.stupid.com?
Visitors to stupid.com then suffer a DoS...
Yes, stupid.com should run their site better, fix their myriad XSS holes,
But this is the Internet, so this "software flaw" can be leveraged as
I'm with Thierry on this...
Full-Disclosure is hosted and sponsored by Secunia.