HTML 5 bug allows huge data dumps on most Mac and PC Web browsers
A recently discovered flaw in the HTML 5 coding language could allow websites to bombard users with gigabytes of junk data, with a number of popular browsers being open to the vulnerability.
According to developer Feross Aboukhadijeh, who uncovered the bug this week, data dumps can be performed on most major Web browsers, including Apple's Safari, Google's Chrome, Microsoft's Internet Explorer and Opera, the BBC reported. The only browser to stop data dump tests was Mozilla's Firefox, which capped storage at 5MB.
The problem is rooted in how HTML 5 handles local data storage. While each browser has different storage parameters, many of which support user-definable limits, all provide for at least 2.5 megabytes of data to be stored on a user's computer.
Aboukhadijeh discovered a loophole that bypasses the imposed data cap by creating numerous temporary websites that are linked a user-visited site. Because most browsers don't account for the contingency, the secondary sites were allowed local storage provisions in amounts equal to the primary site's limit. By generating a multitude of linked websites, the bug can dump enormous amounts of data onto affected computers.
In testing the flaw, Aboukhadijeh was able to dump 1GB of data every 16 seconds on his SSD-equipped MacBook Pro with Retina display. He noted that 32-bit browsers like Chrome may crash before a disk is filled.
"Cleverly coded websites have effectively unlimited storage space on visitor's computers," Aboukhadijeh wrote in a blogpost.
The developer has released code to exploit the bug and has created a dedicated website called Filldisk to highlight the flaw. In true internet meme fashion, the site dumps images of cats on to an affected machine's hard drive.
Bug reports have already been sent to makers of the affected Web browsers, and Aboukhadijeh said malicious use of his code has yet to been seen in the wild.
According to developer Feross Aboukhadijeh, who uncovered the bug this week, data dumps can be performed on most major Web browsers, including Apple's Safari, Google's Chrome, Microsoft's Internet Explorer and Opera, the BBC reported. The only browser to stop data dump tests was Mozilla's Firefox, which capped storage at 5MB.
The problem is rooted in how HTML 5 handles local data storage. While each browser has different storage parameters, many of which support user-definable limits, all provide for at least 2.5 megabytes of data to be stored on a user's computer.
Aboukhadijeh discovered a loophole that bypasses the imposed data cap by creating numerous temporary websites that are linked a user-visited site. Because most browsers don't account for the contingency, the secondary sites were allowed local storage provisions in amounts equal to the primary site's limit. By generating a multitude of linked websites, the bug can dump enormous amounts of data onto affected computers.
In testing the flaw, Aboukhadijeh was able to dump 1GB of data every 16 seconds on his SSD-equipped MacBook Pro with Retina display. He noted that 32-bit browsers like Chrome may crash before a disk is filled.
"Cleverly coded websites have effectively unlimited storage space on visitor's computers," Aboukhadijeh wrote in a blogpost.
The developer has released code to exploit the bug and has created a dedicated website called Filldisk to highlight the flaw. In true internet meme fashion, the site dumps images of cats on to an affected machine's hard drive.
Bug reports have already been sent to makers of the affected Web browsers, and Aboukhadijeh said malicious use of his code has yet to been seen in the wild.
Comments
Watch Adobe play this up big time.
Nice of him to release this to the public before any of the browser developers can fix it.
There are also no retina MBPs without an SSD.
i must know the name of that song on the video!
Quote:
Originally Posted by UncleOwn
I like how it emphasizes his "his SSD-equipped MacBook Pro with Retina display". Whether or not he has an SSD or what kind of display is completely irrelevant to the bug. I have one of those machines also, but I'm not talking to people like "hey, can you shoot me an email to my SSD-equipped MacBook Pro with Retina display, BTO with extra features btw, sitting on an expensive table in my spacious 5th Avenue apartment, in front of the Van Gogh?".
There are also no retina MBPs without an SSD.
It's just another embarrassment for Apple. Time for Tim Cook to step down! /s
The fact that it performs exactly that function is hardly a bug. It's arguable that various (among different browsers) built-in size limits should be domain-specific rather than host-specific, but this is really not a particularly earth-shattering distinction; using additional domains to get access to more storage space doesn't require much more "cleverness" than using additional hostnames.
I don't know whether Aboukhadijeh is an attention whore, or whether click-craving sites are so desperate for traffic that they'll post whatever sensational-sounding "security" story they come across, regardless of whether they have the slightest idea what it means. It's sensationalist nonsense, either way.
What about the other browsers. Where is the proof for those
And what is the super huge issue. Is there some flaw that lets websites dump data into our computers and then come back and retrieve it, or possibly something else off our computers. Or is this just cached data that we can dump out like all other caches, ending the whole thing and the browser crashing. That is until a point update in the affected and allegedly affected browsers kills the issue.
Apple better block Safari and Chrome now....They block everything else for their users.
Quote:
Originally Posted by UncleOwn
I like how it emphasizes his "his SSD-equipped MacBook Pro with Retina display". Whether or not he has an SSD or what kind of display is completely irrelevant to the bug. I have one of those machines also, but I'm not talking to people like "hey, can you shoot me an email to my SSD-equipped MacBook Pro with Retina display, BTO with extra features btw, sitting on an expensive table in my spacious 5th Avenue apartment, in front of the Van Gogh?".
There are also no retina MBPs without an SSD.
I think this was mentioned to demonstrate how fast the data dumped to the drive. 1GB in 16secs
Originally Posted by macxpress
They block everything else for their users.
The implication being that you want unsafe plugins destroying your personal data, forcing Apple to be liable for something they're not.
Shazam is amazing.
Trololo by Eduard Khil
Quote:
Originally Posted by JBlongz
Quote:
Originally Posted by UncleOwn
I like how it emphasizes his "his SSD-equipped MacBook Pro with Retina display". Whether or not he has an SSD or what kind of display is completely irrelevant to the bug. I have one of those machines also, but I'm not talking to people like "hey, can you shoot me an email to my SSD-equipped MacBook Pro with Retina display, BTO with extra features btw, sitting on an expensive table in my spacious 5th Avenue apartment, in front of the Van Gogh?".
There are also no retina MBPs without an SSD.
I think this was mentioned to demonstrate how fast the data dumped to the drive. 1GB in 16secs
How do you figure since regular hard drives can write data at around 3GB/s?
Why shouldn't he want -- indeed, deserve -- his fifteen minutes of fame?
You'd think that the supposedly smart smart people in these gazillion-billion dollar corporations would not leave something so seemingly stupidly vulnerable in something as basic and ubiquitous as a browser.
Hooray for little Firefox.....
Quote:
Originally Posted by Tallest Skil
Watch Adobe play this up big time.
Why?
Quote:
Originally Posted by ciparis
There is a well-known (to developers) feature of HTML5 ...
Every browser has controls allowing you to delete this data. ...
I don't know whether Aboukhadijeh is an attention whore, or whether click-craving sites are so desperate for traffic that they'll post whatever sensational-sounding "security" story they come across, regardless of whether they have the slightest idea what it means. It's sensationalist nonsense, either way.
This. The situation is known to HTML5 developers. The W3C also has a spec to prevent it, which just hasn't been implemented outside of Firefox yet.
As for implementation, you could also change just the port number, and HTML5 gives you another storage space set as well.
Quote:
Originally Posted by charlituna
And what is the super huge issue. Is there some flaw that lets websites dump data into our computers and then come back and retrieve it, or possibly something else off our computers.
They can't steal anything. This is just about filling up the hard drive with HTML5 storage, after which you can go to the options on any browser and delete it manually.
Hmm. So another thing that should be implemented in browsers to prevent this, might be a setting for max portion of hard drive to allocate for localstorage, just like they do for web page caching.
Please tell me where you get your 3 GB/s Hard drives I really want one!
FYI: Local Data Storage implementations are just in the early stages of being ready to role outside of nightly builds for WebKit and/or Mozilla, not to mention IE.
These boundary conditions will be put in place.
Making this an AI fluff piece is pathetic.
Quote:
Originally Posted by digitalclips
Quote:
Originally Posted by mstone
How do you figure since regular hard drives can write data at around 3GB/s?
Please tell me where you get your 3 GB/s Hard drives I really want one!
Sorry that should be Gbits not bytes and as I just looked it up, 3Gb is the theoretical maximum write speed for SATA II so practically speaking it would be quite a bit less however it could be pointed out that even at the easily attainable 150 MB per second, the HDD is still plenty fast enough to write 1GB in a lot less than 16 seconds so the specification of SSD mentioned in the article is still irrelevant.
Quote:
Originally Posted by Tallest Skil
Watch Adobe play this up big time.
Flash has web site storage. The problem, as described, would very likely exist in Flash's own storage engine.
Mozilla, on the other hand, has every right to brag and play this up. I do not think Mozilla will though.