DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1051795 漏洞类型
发布时间 2009-07-26 更新时间 2009-07-26
CVE编号 CVE-2009-2576
CVE-2009-2577
CVE-2009-2578
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009070179
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Hello Bugtraq!

I want to warn you about Denial of Service vulnerabilities in Firefox, Internet Explorer, Opera and Chrome.

Recently buffer overflow vulnerability in Mozilla Firefox 3.5 was found by Andrew Haynes and Simon Berry-Byrne (http://websecurity.com.ua/3337/). After I checked at 16.07.2009 this vulnerability in different browsers, I found that this Denial of Service vulnerability also exists in Firefox 3.0.11, Internet Explorer 6 and Opera 9.52 (and later also in Chrome 2.0.172).

DoS:

http://websecurity.com.ua/uploads/2009/Firefox,%20IE%20&%20Opera%20DoS%20Exploit2.html

With this exploit Firefox crashes, IE6 consumes resources of CPU and RAM, Opera freezes at that consumes resources of CPU and RAM, and Chrome crashes.

Vulnerable version is Mozilla Firefox 3.0.11 and previous versions (and also Firefox 3.5).

Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous versions. And potentially next versions (IE7 and IE8).

Vulnerable version is Opera 9.52 and previous versions (and potentially next versions too).

Vulnerable version is Google Chrome 2.0.172 and previous versions. At that Google Chrome 1.0.154.48 is not vulnerable - it's possible that vulnerable is only Chrome 2.x.

I mentioned about this vulnerability at my site
(http://websecurity.com.ua/3338/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua