Vulnerability Development mailing list archives

Re: Opera Browser goes Crash


From: "http-equiv () excite com" <http-equiv () excite com>
Date: Wed, 24 Oct 2001 11:02:30 -0700 (PDT)

On 23/10/01 18.53, Holmes, Ben wrote the following message to
<vuln-dev () securityfocus com>:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I usually use Opera browser (it truly is a fast browser), and it just
closed when I went to a link...

The link was "http://www.malware.com/hello.html"

In Netscape, it is supposed to play a sound file...

In I.E. it just comes up and allows you to view source.
[...]

No crash here with this system:
Opera 5.12
Build 932
No Java Runtime
Language Italian
O.S. Win98 first ed. (italian).
Clicking on the View Source button just returns a "404 Not Found" message.

Correct. On our Opera 5.10 Build 902 on Windows 98 ALSO with "No Java
Runtime Environment installed" -- no crash either.

Here's the inside scoop:

On the page http://www.malware.com/notscape.html is the exact same url
scheme as is on hello.html with one exception.

data:[<mediatype>][;base64],<data> with image/gif only requires the input of
the actual image file encoded in base64. Nothing more. However, to make the
sound file work [data:audio/wav;base64...] we found that in order to invoke
the applicable plug-in, in Netscape, we had to add the actual file
extension:

.wav

This is encoded and incorporated in the data:audio/wav;base64..............

....Ly53YXYAUADrAVYCAAAAAAAAAAAAAAAAAAAAAAAAAA==<~~~ at the tail-end
translates to:

/.wav

If it's not crashing on the first page ..notscape.html with the image/gif and
no necessary file extension needed, but on the hello.html it could be caused
by that. Additionally test whether the amount of base64 encoding in fact has
an effect, by simply chopping out all or most of the encoded wav file and
leaving only the incorporated encoded file extension and the marker [RIFFÎ 
WAVEfmt    U  àĒj{z¸Ÿ] at the beginning:

<embed
src="data:audio/wav;base64,UklGRs4VAABXQVZFZm10IB4AAABVAAEA4C4AAMQJAAABAAAADAABAAIAAADwAAIAcQVmYWN0BAAAAO9eAABkYXRhkBUAAP/jNMQAAAACWyFAAAD0HfEsN+NC35BRlg9T/DBArckx7/8ujjG2Whx//jTKIDZlqMlVkl4NuaQrJpwfm4yhgToZMrWofYas1Qya//LDVo5GspeYzSEiEILA6B4oNuf/jJMSfGMJGo/gYRcLxBkU4FFiQFCopiwFCRJ8XMjI9uAhcy2vSEhcz1sM//4CZxRH////////////////////////////////////////////////////////////////jNMSPGAGCCABI0xD////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////jJMSyAYACWyAAAAD//////////////////////////////////////////////////////////////////////////////////////////////////////////////w==Ly53YXYAUADrAVYCAAAAAAAAAAAAAAAAAAAAAAAAAA=="
 autostart=true width=0 height=0 loop=true>

Lastly, the view-source protocol is only Netscape and Explorer specific.


---
http://www.malware.com
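
Added example (not part of the original post, nor code from any browser or from the poster): a Python check for the data: URL layout discussed in the message above. It decodes a base64 payload, compares the leading bytes with the declared media type, and reports bytes appended after the media data, such as the encoded "/.wav" tail. The sample URI, the MAGIC table and the function names are constructed for illustration.

```python
import base64
import re
import struct

# Leading bytes expected for each declared media type (small illustrative table).
MAGIC = {"audio/wav": b"RIFF", "image/gif": b"GIF8"}

def inspect_data_uri(uri):
    """Parse data:[<mediatype>][;base64],<data> and report what the payload holds."""
    m = re.fullmatch(r"data:([^;,]*)((?:;[^;,]*)*),(.*)", uri, re.S)
    if not m:
        raise ValueError("not a data: URI")
    mediatype = m.group(1) or "text/plain"
    if "base64" not in m.group(2).split(";")[1:]:
        raise ValueError("only base64 payloads are inspected here")
    payload = re.sub(r"\s+", "", m.group(3))
    # '=' padding ends a base64 stream, so text after it is a second, appended
    # stream. Decoders differ on such input; decode each stream strictly.
    segments = re.findall(r"[A-Za-z0-9+/]+={0,2}", payload)
    if not segments:
        raise ValueError("empty payload")
    decoded = [base64.b64decode(s, validate=True) for s in segments]
    body, extra = decoded[0], b"".join(decoded[1:])
    if body[:4] == b"RIFF" and len(body) >= 8:
        # The RIFF size field counts the bytes that follow the 8-byte header.
        end = 8 + struct.unpack_from("<I", body, 4)[0]
        body, extra = body[:end], body[end:] + extra
    expected = MAGIC.get(mediatype)
    return {
        "mediatype": mediatype,
        "magic_ok": None if expected is None else body.startswith(expected),
        "segments": len(segments),
        "appended": extra,  # bytes that are not part of the declared media
    }

def sample_uri():
    """Constructed sample: 13-byte RIFF stub plus a separately encoded tail."""
    wav = b"RIFF" + struct.pack("<I", 5) + b"WAVE\x00"
    tail = base64.b64encode(b"/.wav\x00")  # encodes to Ly53YXYA, as in the post
    return "data:audio/wav;base64," + (base64.b64encode(wav) + tail).decode()

if __name__ == "__main__":
    print(inspect_data_uri(sample_uri()))
```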




