RE: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS.

• Previous message: GuidoZ: "Re: [Full-Disclosure] Suspect phpBB users"
• Maybe in reply to: bipin gautam: "[Full-Disclosure] IE sp2 and Mozilla Firefox DoS."
• Next in thread: morning_wood: "Re: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 28 Dec 2004 05:56:40 -0800 (PST)
To: full-disclosure@lists.netsys.com

--- "ALD, Aditya, Aditya Lalit Deshmukh"
<aditya.deshmukh@online.gateway.expertworks.net>
wrote:

> >
> >Both Firefox & IE supports decompression method
> 'gzip'
> >ie. an extended request header named
> >HTTP_ACCEPT_ENCODING like
> >HTTP_ACCEPT_ENCODING=gzip,deflate
>
>
> >By this way, the file can be kept around few
> kilobytes
> >in the server and delivered easily. I wonder, why
> >such... simple issue went un-noticed to everyone
> for
> >years...
>
>
> Dear bipin,
>
> Good observation ! Works for me on mozilla 1.7.5
> also on win2k sp4 and all
> other patches
>
> But Is this not a small issue that can happen to
> kind of data? .... 3.5 mb
> of data as a pic image or a pic with very high width
> will also do the same
> and there will certainly be more of such doss`
that was one of an old advisory! but, i think this
issue has been fixed.
http://www.geocities.com/visitbipin/crazy0.html
http://www.securityfocus.com/bid/10913

yap, that's why I specifically mentioned the...
HTTP_ACCEPT_ENCODING=gzip,deflate (O;
Moreover, when the file is being download from a
remote server and being loded, the DoS has already
been triggered! I'd only tested it on Mozilla
Browser(Linux) and falsely concluded Mozilla isn't
pron to this bug!

Can anyone test it for OPERA as well?
regard,
bipin

                
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: GuidoZ: "Re: [Full-Disclosure] Suspect phpBB users"
• Maybe in reply to: bipin gautam: "[Full-Disclosure] IE sp2 and Mozilla Firefox DoS."
• Next in thread: morning_wood: "Re: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages port ... it's default port is 4500. ... the server didn't complain that it's ... Do you Yahoo!? ... Mail SpamGuard - Read only the mail you want. ... (SunManagers) Re: Cant send/receive!! ... The connection to the server has failed. ... Account: 'pop.gmail.com', Server: ... Please let me know if the Yahoo pay plan is easier to install and I'll just ... (microsoft.public.windows.vista.mail) RE: Blocking Yahoo causing issues with DHCP? ... To make sure your SBS 2003 server have right network configuration. ... I'd like to confirm the deny rule about Yahoo ... What's edition of your ISA? ... (microsoft.public.windows.server.sbs) Re: POP3 CONNECTORS ... Your response was perfect and really appreciated. ... > The following are the basic server settings for Yahoo! ... Mail SMTP server now requires authentication. ... > Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: Cant send email from Windows Mail Live ... There is no Accounts listed under Tools (on my Yahoo toolbar)..only Internet ... The message could not be sent because the server rejected the sender's ... the 'Yahoo Mail' account, click Properties. ... the help with getting Windows Mail going. ... (microsoft.public.windows.vista.mail)