Bug 596743 - Firefox: DoS via email
Firefox: DoS via email
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Red Hat Product Security
http://translate.google.com/translate...
impact=none,reported=20100522,public=...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-27 08:31 EDT by Jan Lieskovsky
Modified: 2015-08-19 04:48 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-05-27 08:37:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2010-05-27 08:31:53 EDT
Security researcher, known under nickname "MustLive", reported:
  [1] http://www.securityfocus.com/archive/1/511327/100/0/threaded

a deficiency in the way Firefox processed web pages, with embedded
images, whose resource pointed to URL, which redirected to a "mailto:"
URL. If a local user was tricked into visiting of such web page,
it could lead to denial of service (excessive resources consumption
or crash).

References:
  [2] http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en
  [3] http://www.mozilla.org/security/announce/2010/mfsa2010-23.html

Public PoC:
  [4] http://websecurity.com.ua/uploads/2010/Firefox%20DoS%20Exploit.html
Comment 1 Jan Lieskovsky 2010-05-27 08:34:57 EDT
Official statement from Red Hat Security
Response Team, regarding this deficiency:
-----------------------------------------

Red Hat Security Response Team does not consider a user assisted
denial of service (and potential crash) of end user application,
such a Firefox, to be a security issue.

Note You need to log in before you can comment on or make changes to this bug.