On 2003-07-09 at 08:55 -0700, Kelson Vibber wrote:
> However, it seems to me that it would be just as trivial to put several malicious images on a single page, each targeting a different system. It's not as if multiple images on a page - or even multiple broken images - would raise much suspicion.
No, because the first one that overflows the buffer will either crash the browser or successfully exploit the issue. People tend to notice when their browser crashes ;^) -- or at least, I do, which is another reason why I like Dillo. :^) My boss too is a convert because of the simplicity, stability and speed, only resorting to other browsers when necessary.

So it's an all-or-nothing attack -- unless you happen to know that on one platform the browser loads images in one order and on another platform it loads them in reverse order, in which case you can conceivably get two attack opportunities for the price of one. You don't see a broken image link if the browser has already been compromised or crashed.

Hence a user-agent saying "I'm this version of this browser running on this OS on this hardware platform" is, uhm, interesting. Knowing Netscape 4.76 tells the attacker which security holes you're vulnerable to; knowing the other details says which exploit is likely to work. Many types of shellcode can, to some extent, successfully handle different builds using different locations.

But hey, it's trivial to find the place in the code to make such changes in Dillo, so anyone who's bothered by the issue can do something about it. So don't let people like me stop you from doing this -- I just ask that people consider the issues before doing something just because every other browser does it.

-- 
2001: Blogging invented. Promises to change the way people bore strangers with banal anecdotes about their pets. <http://www.thelemon.net/issues/timeline.php>