RE: DoS_Browser

From: Wolf, Glenn (glenn.wolf@we-inc.com)
Date: Thu Jun 27 2002 - 11:45:08 PDT

  • Next message: cluestickat_private: "Cluestick Advisory #000"

    Unless you DoS the user by inducing a seizure with flashing colors...
    
    Another related quasi-DoS I have seen is self-referencing framesets which
    tend to chew up memory VERY quickly.  (i.e., create a page divided into 4
    frames, each of which use the main page file as their source, causing them
    each to divide into 4 frames... so you get 4 frames, then 16, then 256, then
    65536, etc. until the browser chokes -- on Win95 this caused a BSOD)
    
    Glenn
    
    
    -----Original Message-----
    From: Elan Hasson [mailto:elanat_private]
    Sent: Thursday, June 27, 2002 9:21 AM
    To: FBE FBE; bugtraq-helpat_private;
    incidents-helpat_private; vuln-devat_private
    Subject: RE: DoS_Browser
    
    
    That's not a DoS!
    
    There was a thread about this earlier..Its just an infinate loop that does a
    bit of color changing.
    
    -----Original Message-----
    From: FBE FBE [mailto:nms_fbeat_private]
    Sent: Tuesday, June 25, 2002 7:41 AM
    To: bugtraq-helpat_private; incidents-helpat_private;
    vuln-devat_private
    Subject: DoS_Browser
    
    
    
    
    Name      : DoS on IE ( All Version ) , outlook ( all version ), Motzilla (
    all browser )
    Date      : june 25, 2002
    Product   : Internet Explorer ( all version )
                Outlook ( all version )
                Mozilla ( all version )
    
    Vuln Type : DoS Vulnerability
    Severity  : HIGH RISK
    
    Infos :
    An insertion of code HTML below makes it possible to make a Back on the
    totality of Browser.
    This problem after surroundings 20 second (on Windows) can generate a stop
    of service on the programs running.  During shutdow the PC an error OE
    appears.
    
    On linux ( Motzilla )
    Only the browser will stop
    
    Source Code :
    
    It's possible to insert this code on mail ( same result) DoS on outlook and
    possibility to put a various code ( virus and other )
    
    Regards
    



    This archive was generated by hypermail 2b30 : Thu Jun 27 2002 - 15:24:49 PDT