CraSSh pure-CSS vulnerability

General discussion about web technology.

CraSSh pure-CSS vulnerability

Postby barbaz » Wed Dec 05, 2018 10:15 pm

https://cras.sh/

I tried the PoC in a VM, and it froze the entire VM! :o I had to force power off the VM.

Is it possible for an extension (maybe NoScript?) to mitigate this sort of thing?
*Always* check the changelogs BEFORE updating that important software!
Board search is currently partially broken: viewtopic.php?f=14&t=21752
Workaround: use your favorite search engine, add site:forums.informaction.com to your query
-
barbaz
Senior Member
 
Posts: 8724
Joined: Sat Aug 03, 2013 5:45 pm

Re: CraSSh pure-CSS vulnerability

Postby therube » Thu Dec 06, 2018 1:03 am

Already fixed on the FF end, scheduled for FF 65, I believe.

PM: https://forum.palemoon.org/viewtopic.php?p=157120#p157120
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5
User avatar
therube
Ambassador
 
Posts: 7209
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: CraSSh pure-CSS vulnerability

Postby barbaz » Thu Dec 06, 2018 1:41 am

therube wrote:Already fixed on the FF end, scheduled for FF 65, I believe.

This bug? - https://bugzilla.mozilla.org/show_bug.cgi?id=1510862
*Always* check the changelogs BEFORE updating that important software!
Board search is currently partially broken: viewtopic.php?f=14&t=21752
Workaround: use your favorite search engine, add site:forums.informaction.com to your query
-
barbaz
Senior Member
 
Posts: 8724
Joined: Sat Aug 03, 2013 5:45 pm

Re: CraSSh pure-CSS vulnerability

Postby therube » Thu Dec 06, 2018 3:36 am

Yeah, that's the one I saw the other day.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5
User avatar
therube
Ambassador
 
Posts: 7209
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: CraSSh pure-CSS vulnerability

Postby GµårÐïåñ » Thu Dec 06, 2018 3:57 am

Tried it, didn't do anything for me, just crashed the tab it was on and that's it.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
User avatar
GµårÐïåñ
Lieutenant Colonel
 
Posts: 3314
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA


Return to Web Tech

Who is online

Users browsing this forum: No registered users and 2 guests