May 11th, 2006, 03:04 PM
#1
SANS ISC Update: Firefox 1.5.0.3 Vulnerability Update (NEW)
Wheee! I have also bolded their proposed solution.
Link: http://isc.sans.org/diary.php?storyid=1327
The story so far:
Published: 2006-05-11,
Last Updated: 2006-05-11 11:50:09 UTC by Johannes Ullrich (Version: 1)
Ronald sent us a PoC DoS exploit, which uses the recently discussed Firefox 1.5.0.3 image issue.
His proof of concept exploit will use JavaScript to generate image tags with a 'mailto:' link, which in turn will open the mail application automatically without any user interaction. As a result, many mail windows (e.g. Outlook) will be opened and the system will become unresponsive.
One possible workaround is to turn off automatic startup of your e-mail application in Firefox. To do so, enter in the URL bar: about:config. This will show a long list of configuration options. Search for 'warn-external.mailto' (e.g. use the 'Filter' option). By default, this value should be set to "false". Click on the line to toggle it to "true" (it will be bold if it is not set to the default).
Now, whenever you click on a mailto: link, you will first be asked if you would like to start your e-mail application. In the case of the exploit this will keep your system responsive, even though you may still have to click on all the dialogs.
Disabling JavaScript is another option, or disabling mailto: links altogether. But these options are more intrusive.
For more details and a link to a PoC, see securityview.org
Annnd... from securityview.org:
Link: http://www.securityview.org/confirme...efox-1503.html
Annnd, their story so far - but you will see at the end, it's all a circle:
Confirmed bug in Firefox 1.5.0.3
We have confirmed a bug in Firefox 1.5.0.3 with DoS possibilities. When you download the source of the following page you will see what it does. It will open 100 mailforms, so be cautious when you open the link!
Update:
One way to mitigate this: set ‘network.protocol-handler.warn-external.mailto’ to ‘true’ (it's false by default). This will show a popup dialog whenever a mailto link is clicked (or opened in your case) instead of launching the mail application right away. You still need to click the button 100 times, but at least the system stays responsive.
Thanks to the guys at isc.sans.org for this workaround!
As many of us already know, as platforms or OS/OEs gain popularity, so too, do they become more likely targets of attack; so we just adapt our approach, and hopefully be as proactive as possible to head off any potential disaster events. As I stated before, *ahem-ahem, "Wheee!"
"We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.
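To confirm that the workaround quoted above is actually in effect for a profile, the preference files can be read directly instead of opening about:config on each machine. The following is an added example, not part of the original post or the ISC diary; it assumes the usual `user_pref("name", value);` line format of prefs.js and user.js and that user.js overrides prefs.js, and the sample file contents are constructed.

```python
import re

PREF = "network.protocol-handler.warn-external.mailto"
# Matches active lines such as: user_pref("name", true);
# Lines commented out with // or # do not match because of the ^ anchor.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Constructed sample file contents (not taken from a real profile).
SAMPLE_PREFS_JS = 'user_pref("browser.startup.homepage", "about:blank");\n'
SAMPLE_USER_JS = (
    '// user_pref("network.protocol-handler.warn-external.mailto", false);\n'
    'user_pref("network.protocol-handler.warn-external.mailto", true);\n'
)

def parse_prefs(text):
    """Return {name: raw_value} for every active user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def effective_mailto_warning(prefs_js="", user_js=""):
    """Resolve the pref in order: built-in default, then prefs.js, then user.js."""
    value, source = "false", "default"  # default is false per the ISC diary
    for name, text in (("prefs.js", prefs_js), ("user.js", user_js)):
        found = parse_prefs(text).get(PREF)
        if found is not None:
            value, source = found, name
    return value == "true", source

def audit(prefs_js="", user_js=""):
    """One-line verdict: OK if the confirmation dialog is enabled, else EXPOSED."""
    enabled, source = effective_mailto_warning(prefs_js, user_js)
    status = "OK" if enabled else "EXPOSED"
    return f"{status}: {PREF} = {str(enabled).lower()} (from {source})"

if __name__ == "__main__":
    print(audit(SAMPLE_PREFS_JS))                  # pref never set in the profile
    print(audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS))  # workaround applied via user.js
```

To audit a real profile, pass the text of its prefs.js and user.js files to `audit()`.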