[Full-Disclosure] IE sp2 and Mozilla Firefox DoS.

From: bipin gautam (visitbipin_at_yahoo.com)
Date: 12/27/04

  • Next message: Michael Evanchik: "RE: [Full-Disclosure] YEY AGAIN Automatic remotecompromiseofInternetExplorer Service Pack 2 XP SP2" 
    Date: Mon, 27 Dec 2004 10:24:14 -0800 (PST)
To: full-disclosure@lists.netsys.com

    There is an issue with these browser rendering html's
    with long titles.
    Only Tested on:
    --------------
    Internet Explorer(SP2): 6.0.2900.2180
    Mozilla firefox: 1.0

    Not affected:
    -------------
    Mozilla Browser

    Have a look at,
    ___________________
    <html>
    <head> <title> ....(put)3.5 MB OF data.......

    </html>
    ___________________
     

    For IE beyond 1 Mb will just do fine. On execution,
    Mozilla Firefox starts filling up all the available
    system memory with 100% CPU use.

    Internet explorer renders 100% CPU use, but no system
    instability. (O;
    I've tested it on Windows XP SP2.

    Both Firefox & IE supports decompression method 'gzip'
    ie. an extended request header named
    HTTP_ACCEPT_ENCODING like
    HTTP_ACCEPT_ENCODING=gzip,deflate

    By this way, the file can be kept around few kilobytes
    in the server and delivered easily. I wonder, why
    such... simple issue went un-noticed to everyone for
    years...

                    
    __________________________________
    Do you Yahoo!?
    Send holiday email and support a worthy cause. Do good.
    http://celebrity.mail.yahoo.com
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Michael Evanchik: "RE: [Full-Disclosure] YEY AGAIN Automatic remotecompromiseofInternetExplorer Service Pack 2 XP SP2"

    Relevant Pages