Bugtraq mailing list archives

Re: Object tag crashes Internet Explorer 4.0

From: fw () CYGNUS STUTTGART NETSURF DE (Florian Weimer)
Date: Sat, 8 Aug 1998 11:18:45 +0200


Paul Leach <paulle () MICROSOFT COM> writes:

However, web pages can contain more complex constructs than that, constructs
that can make them into (in the general case) full fledged, Turing complete,
programs.


BTW: Regarding security concerns, it is completely irrelevant whether
the `algorithm' implemented by a `dynamic' HTML page is (provably)
terminating or not.  For DoS attacks, you have to grab only a finite
amount of resources to make the system unusable, which, of course, is
possible in a finite amount of program steps.

IMHO, it's much better to impose strict limits on the amount of system
resources a Web browser may use rather than to implement sophisticated
algorithms which try to prove that those limits are not exceeded.  The
latter might even require more resources than simply displaying the
page.

Current thread:

Description of the Eudora Security Hole, (continued)
- - Description of the Eudora Security Hole Aleph One (Aug 07)
- resend Steve Bellovin (Aug 06)
  - Re: resend Casper Dik (Aug 07)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 04)
  - Re: Object tag crashes Internet Explorer 4.0 Joe (Aug 05)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 06)
  - Re: Object tag crashes Internet Explorer 4.0 Roger Espel Llima (Aug 06)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 06)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 06)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 06)
- Re: Object tag crashes Internet Explorer 4.0 Florian Weimer (Aug 08)