Bugtraq mailing list archives
Re: XML in IE 5.0
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Fri, 14 Jan 2000 00:17:37 +0100
Mike Brown wrote:
David Komanek wrote:I'm just playing with XML around and have noticed strange behavior of MS Internet Explorer 5.0 : - if I let the MS IE display SMALL xml-file, everything seems to be O.K. - if I let the MS IE display A BIT BIGGER xml-file, everything goes wrong [symptoms of a memory leak, Microsoft bad, etc]IE 5.0 uses an XML parser written by Datachannel.com. Have you tested your file with this parser outside of the context of IE 5.0? You can download a standalone version of the MSXML parser from msdn.microsoft.com, and you can get Datachannel's version from datachannel.com. [Snip stuff about using good validators] I also don't see what this potential bug in the parser has to do with computer security.
A-hem. "Since we should be able to rely upon everyone sending us well-formed and validated data that conform to all standards, it doesn't matter if the software that we use to receive it is crappy. No one would willingly do us any harm!" (I'm sorry about the harsh tone, but, to me, that's the sum total of what you're saying?) I do agree that this particular bug won't "compromise" your system per se, but what about continually mailing large XML to someone using Outlook or some other mail software that uses MSIE to display HTML/XML? Yes, that's right, your victim wouldn't be able to read his/her email very effectively (or at all) - especially if this person has the preview pane activated :-) So, again, it's not a real compromise, but it does have the potential of disrupting business, which leads to loss of $$$. And the potential loss of $$$ is why companies invest in security. Which is why issues like this one sometimes (too seldom IMHO) get treated like security issues. 'nuff rambling for one night =P /Mike -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50 Mobile: +46-(0)70-248 00 33 WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
Current thread:
- Re: XML in IE 5.0 Mike Brown (Jan 13)
- Re: XML in IE 5.0 Mikael Olsson (Jan 13)
- Re: XML in IE 5.0 Mike Brown (Jan 13)
- <Possible follow-ups>
- Re: XML in IE 5.0 Ryan Russell (Jan 14)
- Re: XML in IE 5.0 Brian Behlendorf (Jan 17)
- Re: XML in IE 5.0 David LeBlanc (Jan 18)
- Re: XML in IE 5.0 Jesper M. Johansson (Jan 19)
- Re: XML in IE 5.0 Brian Behlendorf (Jan 17)
- Re: XML in IE 5.0 Darren Reed (Jan 17)
- Re: XML in IE 5.0 Jesper M. Johansson (Jan 19)
- SubSeven 2.1a (trojan) Andrew Griffiths (Jan 19)
- Re: XML in IE 5.0 David LeBlanc (Jan 20)
- Some discussion in http-wg ... FW: webmail vulnerabilities: a new pragma token? Eric D. Williams (Jan 19)
- Re: XML in IE 5.0 Mikael Olsson (Jan 13)