596743 – Firefox: DoS via email

Bug 596743 - Firefox: DoS via email

Summary: Firefox: DoS via email

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	http://translate.google.com/translate...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-05-27 12:31 UTC by Jan Lieskovsky
Modified:	2019-09-29 12:36 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-05-27 12:37:01 UTC
Embargoed:

Attachments	(Terms of Use)

Description Jan Lieskovsky 2010-05-27 12:31:53 UTC

Security researcher, known under nickname "MustLive", reported:
  [1] http://www.securityfocus.com/archive/1/511327/100/0/threaded

a deficiency in the way Firefox processed web pages, with embedded
images, whose resource pointed to URL, which redirected to a "mailto:"
URL. If a local user was tricked into visiting of such web page,
it could lead to denial of service (excessive resources consumption
or crash).

References:
  [2] http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en
  [3] http://www.mozilla.org/security/announce/2010/mfsa2010-23.html

Public PoC:
  [4] http://websecurity.com.ua/uploads/2010/Firefox%20DoS%20Exploit.html

Comment 1 Jan Lieskovsky 2010-05-27 12:34:57 UTC

Official statement from Red Hat Security
Response Team, regarding this deficiency:
-----------------------------------------

Red Hat Security Response Team does not consider a user assisted
denial of service (and potential crash) of end user application,
such a Firefox, to be a security issue.

Note You need to log in before you can comment on or make changes to this bug.