Re: The Dangers of Allowing Users to Post Images

From: Michal Szokolo (msz@kill-spammers.pmp.com.pl)
Date: Sat Jun 23 2001 - 19:02:33 PDT


    John Percival wrote:
    > 
    > I'm going to try and throw another issue into this discussion now too:
    > denial of service. We have discussed it for attacking remote servers, but
    > not for the client viewing the image. It's something else that I spotted
    > while I was playing around with this issue just now.
    > 
    > If you have images that include a mailto:meat_private source,
    > then the default handler for mailto: links is opened up. Be that Outlook,
    > Netscape Composer, Eudora, or whatever else you care to use.
    > 
    > So if someone embedded 100 (arbitrary figure) mailto: images in a page, then
    > this would do a lot of harm to the user's computer. At best, it would get
    > very busy for a few minutes creating new emails, and would be a pain to
    > clear up. At worst, it could bring the whole system crashing down.
    
    Netscape 4.77 crashes at about 50 such IMG tags, IF they are different
    (simply putting mailto:fakeluser@fakedomain 100 times won't work (opens
    only 2 message windows)), but if you go with some script... instant
    crash (try it now free of charge at http://msz.pmp.com.pl/boom/ ;-)).
    
    -- 
    I'm an ugly boy            | Do not visit http://msz.pmp.com.pl/
    My face makes you hurl     | ADS:
    I'm a relation             |    For snobs: http://www.filharmonia.pl/
    To Frankenstein's creation | Have a drink for me: http://www.fws.pl/
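
A server-side check for the problem discussed in this thread, added here as an example and not part of either message: a forum can refuse any user-posted image whose source is not an absolute http(s) URL and cap the number of images per post. The function names, the cap of 10 and the sample post are assumptions made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_IMAGES_PER_POST = 10  # assumed forum policy, not a figure from the thread


def is_safe_image_src(src):
    """Accept only absolute http(s) URLs that name a host."""
    # Browsers ignore surrounding whitespace and embedded tab/CR/LF when
    # resolving a URL, so normalise the same way before reading the scheme.
    cleaned = re.sub(r"[\t\r\n]", "", src).strip()
    try:
        parts = urlsplit(cleaned)
    except ValueError:  # malformed authority, e.g. an unclosed "[" host
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


class ImgAudit(HTMLParser):
    """Collects every <img src>; the parser lowercases names and decodes
    character references, so SRC= and mailto&#58; are seen in plain form."""

    def __init__(self):
        super().__init__()
        self.accepted, self.rejected = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src") or ""
            bucket = self.accepted if is_safe_image_src(src) else self.rejected
            bucket.append(src)


def audit_post(post_html):
    """Return (ok, accepted, rejected) for one user-submitted post body."""
    parser = ImgAudit()
    parser.feed(post_html)
    parser.close()
    ok = not parser.rejected and len(parser.accepted) <= MAX_IMAGES_PER_POST
    return ok, parser.accepted, parser.rejected


# Constructed sample post: one ordinary image, two mailto: variants, one relative.
SAMPLE_POST = (
    '<img src="http://example.com/cat.png">'
    '<IMG SRC="mailto:user1@example.invalid">'
    '<img src=" MailTo&#58;user2@example.invalid">'
    '<img src="/relative.png">'
)
print(audit_post(SAMPLE_POST))
```

Relative sources are rejected here by design; a forum that hosts its own uploads would resolve them against its base URL before applying the same scheme check.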
    


