RE: [Full-Disclosure] Re: IE bugs (Was: Web browsers - a mini-farce)

From: Aviv Raff (avivra_at_012.net.il)
Date: 10/20/04

    To: "'Berend-Jan Wever'" <skylined@edup.tudelft.nl>, <full-disclosure@lists.netsys.com>
    Date: Wed, 20 Oct 2004 18:58:01 +0200
    
    

    A collection of a lot of crashing scenarios in Mozilla can be found here:
    https://bugzilla.mozilla.org/buglist.cgi?query_format=&short_desc_type=allwordssubstr&short_desc=crash&product=Browser&product=Firefox&long_desc_type=substring&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywords=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailassigned_to1=1&emailtype1=exact&email1=&emailassigned_to2=1&emailreporter2=1&emailqa_contact2=1&emailtype2=exact&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0=

    I don't think that these and other non-security-related issues should be
    discussed here.

    --Aviv.

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Berend-Jan
    Wever
    Sent: Wednesday, October 20, 2004 1:44 PM
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] Re: IE bugs (Was: Web browsers - a mini-farce)

    Here's some IE bugs out of my own collection that still aren't patched
    (IE6.0 W2K):

    Stack overflows (_not_ buffer overflows):
    <HTML>
      <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
      <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
    </HTML>

    <HTML>
      <BODY onLoad="A"><IMG src="::" onError="this.src=this.src;"></BODY>
    </HTML>

    Null pointer:
    <HTML style="width:expression(navigate('?#'))">
      <HEAD> <META http-equiv="Page-Enter" content="blendTrans()"> </HEAD>
    </HTML>

    None of them pose a security-risk and they all require JavaScript. So now I
    actually forgot why I decided to mention them in a reply to this post. Well,
    maybe MS can fix them in the next SP now that they know about them...

    Cheers,
    SkyLined

    ----- Original Message -----
    From: "Martin" <nakal@nurfuerspam.de>
    To: "Michal Zalewski" <lcamtuf@ghettot.org>
    Cc: "Full Disclosure" <full-disclosure@netsys.com>
    Sent: Wednesday, October 20, 2004 02:38
    Subject: Re: [Full-Disclosure] Web browsers - a mini-farce

    > On Mon, 18.10.2004, at 16:18, Michal Zalewski wrote:
    >
    > > All browsers but Microsoft Internet Explorer kept crashing on a regular
    > > basis
    >
    > Here, may I make your collection more complete?
    >
    > This one is for IE6 on MS-Windows 2000:
    >
    > <html><base href="ftp*://">
    > <body>
    > <iframe src="????"/>
    > </body>
    > </html>
    >
    > Martin
    >
    > PS: No, it's not been discovered by your tool. And I reported
    > it already several years ago.
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
