Re: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS.

From: phased (phased_at_mail.ru)
Date: 12/28/04

    To: bipin gautam <visitbipin@yahoo.com>
    Date: Tue, 28 Dec 2004 17:51:09 +0300
    
    

    Probably because there is a simple solution, close the browser, end of
    problem.

    -----Original Message-----
    From: bipin gautam <visitbipin@yahoo.com>
    To: full-disclosure@lists.netsys.com
    Date: Mon, 27 Dec 2004 10:24:14 -0800 (PST)
    Subject: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS.

    >
    > There is an issue with these browsers rendering HTML
    > with long titles.
    > Only Tested on:
    > --------------
    > Internet Explorer(SP2): 6.0.2900.2180
    > Mozilla firefox: 1.0
    >
    > Not affected:
    > -------------
    > Mozilla Browser
    >
    > Have a look at,
    > ___________________
    > <html>
    > <head> <title> ....(put)3.5 MB OF data.......
    >
    > </html>
    > ___________________
    >
    >
    > For IE, beyond 1 Mb will do just fine. On execution,
    > Mozilla Firefox starts filling up all the available
    > system memory with 100% CPU use.
    >
    > Internet explorer renders 100% CPU use, but no system
    > instability. (O;
    > I've tested it on Windows XP SP2.
    >
    > Both Firefox & IE support the decompression method 'gzip',
    > i.e. an extended request header named
    > HTTP_ACCEPT_ENCODING like
    > HTTP_ACCEPT_ENCODING=gzip,deflate
    >
    > This way, the file can be kept to around a few kilobytes
    > on the server and delivered easily. I wonder why
    > such a... simple issue went unnoticed by everyone for
    > years...
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
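The quoted report notes that gzip lets a multi-megabyte title travel as a few kilobytes. As an added example (not part of either post), here is a defensive filter a proxy or crawler could apply before handing a body to a renderer: it inflates under hard caps and rejects oversized or unterminated titles. The function name and the three limits are assumptions chosen for illustration.

```python
import re
import zlib

# Assumed policy limits for this sketch; tune for the deployment.
MAX_BODY = 512 * 1024   # decompressed bytes we are willing to buffer
MAX_RATIO = 100         # decompressed : compressed size
MAX_TITLE = 4 * 1024    # bytes allowed inside <title>

TITLE_OPEN = re.compile(rb"<title[^>]*>", re.I)
TITLE_CLOSE = re.compile(rb"</title\s*>", re.I)


def inspect_gzip_html(compressed, step=16 * 1024):
    """Return (verdict, reason) for a gzip-encoded HTML response body."""
    inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # gzip framing
    out = bytearray()
    try:
        for pos in range(0, len(compressed), step):
            pending = compressed[pos:pos + step]
            while pending:
                # max_length bounds the output of every call, so memory
                # use stays capped even for a highly compressible body.
                out += inflater.decompress(pending, step)
                if len(out) > MAX_RATIO * len(compressed):
                    return ("reject", "ratio")
                if len(out) > MAX_BODY:
                    return ("reject", "size")
                pending = inflater.unconsumed_tail
        out += inflater.flush()  # input exhausted: small remainder only
    except zlib.error:
        return ("reject", "malformed")
    if not inflater.eof:  # stream ended before the gzip trailer
        return ("reject", "malformed")

    start = TITLE_OPEN.search(out)
    if start:
        end = TITLE_CLOSE.search(out, start.end())
        # An unterminated <title> runs to the end of the document.
        stop = end.start() if end else len(out)
        if stop - start.end() > MAX_TITLE:
            return ("reject", "title")
    return ("allow", "ok")
```

The ratio check fires first on repetitive filler, while the title check catches long titles that compress poorly enough to pass it.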

