[chadfree] New Browser Flaw Out

• From: "Mike" <mikebike@xxxxxxxxx>
• To: chadfree@xxxxxxxxxxxxx
• Date: Mon, 29 Nov 2004 15:04:26 -0800

New Browser Flaw Out  By Sean Michael Kerner

http://www.esecurityplanet.com/trends/article.php/3440971

It's not rare when a flaw disables Microsoft Internet Explorer (IE), but it
is rare when the same flaw affects the alternatives. 

That's the unfortunate case with a new bug that targets the Mozilla Browser,
Mozilla Firefox, Opera and Apple Safari. It causes them to crash and could
potentially form the basis of an exploit that would affect virtually all
major browsers. 

The bug has been called the Infinite Array Sort Denial Of Service
Vulnerability and causes the affected browsers to execute an infinite
JavaScript array sort. That operation in turn effectively causes a DoS on
the browser in question and causes it to crash by exhausting stack memory. 

At present there are no confirmed exploits in the wild that expand the
vulnerability to execute malicious code, though that may only be a matter of
time. 

Independent security researcher Berend-Jan Wever is credited with
discovering the flaw. Though the flaw was just disclosed on security mailing
lists, Wever has been aware of the flaw for some time and like many
researchers had begun his efforts with a focus on IE. 

"I do not remember the exact details, since I found it quite some time ago.
I was probably looking for flaws in IE by guessing what might crash it,"
Wever told internetnews.com. "I've found a few vulnerabilities caused by
JavaScript infinite loops and one in the sort() routine earlier. Probably it
was an educated yet lucky guess. It's been on my hard disk ever since." 

The actual code required to crash the browsers has been publicly disclosed
by Wever and contains only four lines of code. 

Wever came under some fire from other members of the security community on
various security mailing lists for disclosing the vulnerability, as well as
his previous disclosures regarding the IFRAME vulnerability. In a public
post, Wever defended his disclosure and reminded the community that other
less scrupulous individuals exist that find vulnerabilities and exploit them
for greater profit. 

"What if I was without integrity, as some people would have it, and would
write a worm exploiting some (or all) of the bugs I had found over the
years?" Wever wrote. 

Bug entries have been posted to Mozilla's Bugzilla reporting system, but at
press time, neither Mozilla nor Microsoft, Apple or Opera have posted any
patches for the flaw. 
From; http://esecurityplanet.com/

Mike ~ one of the Moderators
It is a good day if I learned something new.
Editor MikesWhatsNews http://www.mwn.ca/ 



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Was this forwarded to you?  Want to subscribe?  Send an email 
to chadfree-request@xxxxxxxxxxxxx?Subject=subscribe.

For a complete list of email commands for our list send an email 
to ecartis@xxxxxxxxxxxxx with a subject line of "info chadfree" without the 
quotes.

If you wish to unsubscribe from our list send an email to;
 chadfree-request@xxxxxxxxxxxxx?Subject=unsubscribe

To contact the list moderators send an email to 
chadfree-moderators@xxxxxxxxxxxxx
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription