Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Re: IE bugs (Was: Web browsers - a mini-farce)

From: "Aviv Raff" <avivra () 012 net il>
Date: Wed, 20 Oct 2004 18:58:01 +0200
A collection of a lot of crashing scenarios in Mozilla can be found here:
https://bugzilla.mozilla.org/buglist.cgi?query_format=&short_desc_type=allwo
rdssubstr&short_desc=crash&product=Browser&product=Firefox&long_desc_type=su
bstring&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whi
teboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywor
ds=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailassigned_to1
=1&emailtype1=exact&email1=&emailassigned_to2=1&emailreporter2=1&emailqa_con
tact2=1&emailtype2=exact&email2=&bugidtype=include&bug_id=&votes=&chfieldfro
m=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+ti
me&field0-0-0=noop&type0-0-0=noop&value0-0-0=

I don't think that these and other not security related issues should be
discussed here.

--Aviv.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Berend-Jan
Wever
Sent: Wednesday, October 20, 2004 1:44 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Re: IE bugs (Was: Web browsers - a mini-farce)


Here's some IE bugs out of my own collection that still aren't patched
(IE6.0 W2K):

Stack overflows (_not_ buffer overflows):
<HTML>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); }
</SCRIPT>
  <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); }
</SCRIPT> </HTML> <HTML> <BODY onLoad="A"><IMG src="::"
onError="this.src=this.src;"></BODY> </HTML>

Null pointer:
<HTML style="width:expression(navigate('?#'))">
  <HEAD> <META http-equiv="Page-Enter" content="blendTrans()"> </HEAD>
</HTML>

None of them pose a security-risk and they all require JavaScript. So now I
actually forgot why I decided to mention them in a reply to this post. Well,
maybe MS can fix them in the next SP now that they know about them...

Cheers,
SkyLined

----- Original Message -----
From: "Martin" <nakal () nurfuerspam de>
To: "Michal Zalewski" <lcamtuf () ghettot org>
Cc: "Full Disclosure" <full-disclosure () netsys com>
Sent: Wednesday, October 20, 2004 02:38
Subject: Re: [Full-disclosure] Web browsers - a mini-farce



Am Mo, den 18.10.2004 schrieb Michal Zalewski um 16:18:


  All browsers but Microsoft Internet Explorer kept crashing on a

regular

  basis


Here, may I make your collection more complete?

This one is for IE6 on MS-Windows 2000:

<html><base href="ftp*://">
<body>
<iframe src="????"/>
</body>
</html>

Martin

PS: No, it's not been discovered by your tool. And I reported
    it already several years ago.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

############################################################################
#########
This Mail Was Scanned by 012.net Anti Virus Service - Powered by TrendMicro
Interscan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: