22:42 22.10.2008

This is the English version of my article Classification of DoS vulnerabilities in browsers.

While researching browser security this year, especially in the last two months (when I ran the projects Day of bugs in Google Chrome and Day of bugs in browsers), I created my own classification of DoS vulnerabilities in browsers. Across different browsers I often have to deal with Denial of Service vulnerabilities, and they vary, with some typical criteria, which I decided to highlight in this classification.

All of these denial-of-service vulnerabilities are DoS, but instead of one general type for this class of vulnerabilities it is now possible, where necessary, to use three types (for refinement). These DoS types are typical for browsers. Note that other client applications can have all or some of these types of DoS vulnerabilities.

The types of Denial of Service vulnerabilities in browsers are as follows:

1. Crashing DoS.

2. Blocking DoS.

  • Freezing.
  • Blocking.

3. Resources consumption DoS.

  • CPU overload.
  • Memory consumption.

Quite often holes occur in browsers that combine symptoms of several types of DoS. These are joint DoS vulnerabilities, where two DoS attacks take place simultaneously: for example, freezing and resources consumption, or blocking and resources consumption. There are also holes of the Resources consumption DoS type in which both resources (CPU and RAM) are consumed.

In the case of Crashing DoS, the browser crashes completely (the application closes), which can lead to loss of unsaved data.

In the case of Blocking DoS, the browser is blocked (it does not crash). With freezing, the browser does not respond to user actions and it is not possible to continue working with it. With blocking, the browser does not freeze, but work with it is completely blocked. In both subtypes of this type of DoS vulnerability, working with the browser becomes impossible and the user is forced to close it himself.

In the case of Resources consumption DoS, the browser begins to take up the computer's main resources. These can be CPU resources, RAM, or both simultaneously. With memory consumption the effect of the attack comes faster, but CPU consumption attacks are nastier and more dangerous. These DoS attacks slow down the user's computer, i.e. they affect the whole computer and all running applications, and the user of the browser is forced to close it himself.
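For triage, the classification above can be applied to observations recorded while a browser loads a test page. The following is an added example, not code from the original article: the Sample fields, the thresholds and the traces are assumptions made for illustration, and the harness is assumed never to close the browser itself, so a dead process means a crash.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Sample:                    # one periodic observation (hypothetical harness)
    alive: bool                  # browser process still running
    ui_ms: Optional[float]       # UI heartbeat round trip; None = no reply
    input_ok: bool               # user can still work with the window
    cpu_pct: float               # CPU share used by the browser
    rss_mb: float                # resident memory of the browser

# Hypothetical thresholds; tune them for the harness and machine in use.
SUSTAINED = 3                    # consecutive samples needed to call a symptom
CPU_HIGH = 90.0
MEM_GROWTH_MB = 500.0

def _sustained(flags: List[bool]) -> bool:
    """True if the symptom holds for SUSTAINED consecutive samples."""
    run = 0
    for flag in flags:
        run = run + 1 if flag else 0
        if run >= SUSTAINED:
            return True
    return False

def classify(samples: List[Sample]) -> List[str]:
    """Return every DoS type seen; more than one label means a joint DoS."""
    live = [s for s in samples if s.alive]
    labels = []
    if samples and not samples[-1].alive:
        labels.append("Crashing DoS")
    # Freezing: the UI does not answer. Blocking: it answers, but work is blocked.
    if _sustained([s.ui_ms is None for s in live]):
        labels.append("Blocking DoS: freezing")
    elif _sustained([s.ui_ms is not None and not s.input_ok for s in live]):
        labels.append("Blocking DoS: blocking")
    if _sustained([s.cpu_pct >= CPU_HIGH for s in live]):
        labels.append("Resources consumption DoS: CPU overload")
    if live and max(s.rss_mb for s in live) - live[0].rss_mb >= MEM_GROWTH_MB:
        labels.append("Resources consumption DoS: memory consumption")
    return labels

# Constructed sample traces (not measurements from any real browser).
S = Sample
FREEZE_CPU = [S(True, 12, True, 5, 200)] + [S(True, None, False, 98, 210)] * 3
CRASH = [S(True, 10, True, 4, 180), S(False, None, False, 0, 0)]
BLOCK_MEM = [S(True, 15, True, 6, 200), S(True, 14, False, 8, 450),
             S(True, 16, False, 7, 700), S(True, 15, False, 9, 900)]
```

Two labels for one trace correspond to the joint DoS vulnerabilities described above, such as freezing together with CPU overload.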

DoS vulnerabilities in browsers are dangerous for users, as I have already written in the article Dangers of DoS attacks on browsers.

