Download Firefox: WindowsMac OS X
logo       
Google Custom Search
    AddThis Social Bookmark Button
<prev   next>

Are browser DOS bugs are still security bugs?: msg#00006

Subject: Are browser DOS bugs are still security bugs? 
  After submitting two bugs to the Mozilla project which
 result in a browser lockup due to resource exhaustion I'm
 a little confused.

  I assume that if a DOS attack works, such that a 
 browser either crashes or must be killed this can 
 be a classified as a security attack.

  Sure arbitary code isn't executed, but it's remote and
 seems more "serious" than a random segmentation fault.
 (Maybe I'm just increasing the severity because it's
 annoying when my browser with N+1 tabs open crashes!)

  Anybody have any thoughts?

  (I guess it's more clear-cut when you can DOS a login
 system such as PAM, rather than just one distinct 
 application).

Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: strlen(NULL) exploitable?, Uwe Hermann
Next by Date:  Re: strlen(NULL) exploitable?, Imran Ghory
Previous by Thread:  strlen(NULL) exploitable?, Uwe Hermann
Indexes:  [Date] [Thread] [Top] [All Lists]

    ^^^ ADDITIONAL NAVIGATION ^^^

  
Google Custom Search

Recently Viewed:
emacs.dvc.devel...    java.displaytag...    ietf.rfc822/199...    linux.altlinux....    redhat.fedora.r...    python.ctypes/2...    video.panorama/...    freedesktop.xor...    audio.emagic.lo...    netbsd.devel.us...    documentation.t...    yellowdog.gener...    gnome.mono.mono...    bacula.user/200...    shells.bash.bug...    xfree86.devel/2...    culture.bicycle...    mozilla.devel.n...    web.squid.gener...    user-groups.gul...    kde.amarok.bugs...    org.user-groups...    handhelds.linux...    tex.context/200...   
Home | blog view, Court Document Archive | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo