[Full-Disclosure] IE sp2 and Mozilla Firefox DoS.
From: bipin gautam (visitbipin_at_yahoo.com)
Date: 12/27/04
- Previous message: class 101: "[Full-Disclosure] (no subject)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 27 Dec 2004 10:25:07 -0800 (PST) To: full-disclosure@lists.netsys.com
There is an issue with these browser rendering html's
with long titles.
Only Tested on:
--------------
Internet Explorer(SP2): 6.0.2900.2180
Mozilla firefox: 1.0
Not affected:
-------------
Mozilla Browser
Have a look at,
___________________
<html>
<head> <title> ....(put)3.5 MB OF data.......
</html>
___________________
For IE beyond 1 Mb will just do fine. On execution,
Mozilla Firefox starts filling up all the available
system memory with 100% CPU use.
Internet explorer renders 100% CPU use, but no system
instability. (O;
I've tested it on Windows XP SP2.
Both Firefox & IE supports decompression method 'gzip'
ie. an extended request header named
HTTP_ACCEPT_ENCODING like
HTTP_ACCEPT_ENCODING=gzip,deflate
By this way, the file can be kept around few kilobytes
in the server and delivered easily. I wonder, why
such... simple issue went un-noticed to everyone for
years...
Bipin Gautam
http://www.geocities.com/visitbipin/
http://www.nepsecure.tk
__________________________________
Do you Yahoo!?
The all-new My Yahoo! - Get yours free!
http://my.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: class 101: "[Full-Disclosure] (no subject)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
