Vulnerable Systems:
* Mozilla Firefox
* Microsoft Internet Explorer 6
* Microsoft Internet Explorer 8
* Google Chrome
* Opera
There is a DoS in different browsers via protocols news and nntp. These Denial of Service vulnerabilities belong to type blocking DoS and resources consumption DoS. These attacks can be conducted as with using JS, as without it (via creating of page with large quantity of iframes.)
This exploit for news protocol works in Mozilla Firefox 3.0.19 (and besides previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6 (6.0.2900.2180), Internet Explorer 8 (8.0.7600.16385), Google Chrome 1.0.154.48 and Opera 9.52.
In all mentioned browsers occurs blocking and overloading of the system from starting of Opera, which appeared as news-client at my computer, and IE8 crashes (at computer without Opera). And in Opera the attack is going without blocking, only resources consumption (more slowly then in other browsers).
This exploit for nntp protocol works in Mozilla Firefox 3.0.19 (and besides previous versions, it must work in 3.5.x and 3.6.x), Internet Explorer 6 (6.0.2900.2180) and Opera 9.52.
In all mentioned browsers occurs blocking and overloading of the system from starting of Opera, which appeared as nntp-client at my computer. In IE8 the attack didn't work - possibly because that at that computer there was no nntp-client, Opera in particular. And in Opera the attack is going without blocking, only resources consumption (more slowly then in other browsers).
Disclosure Timeline:
26/05/2010: found vulnerabilities.
26/05/2010: informed developers: Mozilla, Microsoft, Google and Opera.
27/05/2010: disclosed.
