Open Source and information security mailing list archives
 
Message-ID: <20031022181054.17016.qmail@sf-www2-symnsj.securityfocus.com>
Date: 22 Oct 2003 18:10:54 -0000
From: xenophi1e <oliver.lavery@...patico.ca>
To: bugtraq@...urityfocus.com
Subject: Re: IE6 CSS-Crash


In-Reply-To: <1066826686.3696.32.camel@...con>

>Hi,
>the following HTML/JS/CSS-Code crashes IE6 immediately through a
>combination of:
>1. textarea in table in div
>2. css:overflow-y:hidden
>3. changing the scrollbar-base-color
>4. moving the div


This looks like a benign crash to me. On my system IE is tanking in MSHTML.dll at 0x6360CD44 while dereferencing a null pointer (or a 0x22 pointer, to be precise).

6360CD38  mov         dword ptr [esi+9Ch],eax 
6360CD3E  mov         dword ptr [esi+90h],eax 
>6360CD44  cmp         byte ptr [edi+22h],0     ; edi = 0
6360CD48  jne         6360CDDE 
6360CD4E  cmp         byte ptr [edi+23h],0 

Stack:
>	MSHTML.DLL!6360cd44() 	
 	MSHTML.DLL!636199e3() 	
 	MSHTML.DLL!6360b569() 	
 	MSHTML.DLL!6360ba22() 	
 	MSHTML.DLL!636ff83b() 	

Maybe I'm missing something, but it seems pretty run-of-the-mill.

Cheers,
~ol
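
Added example, not part of the original post: a small triage helper that parses a faulting disassembly line in the format shown above, computes the effective address from the register state, and flags accesses that land in the null guard region. It assumes 32-bit Windows, where the lowest 64 KB of user address space is normally unmapped; the function names and the second sample's register value are hypothetical.

```python
import re

# Assumption: on 32-bit Windows the lowest 64 KB of user address space is
# normally unmapped, so small offsets from a null base fault instead of
# touching real data.
NULL_GUARD_LIMIT = 0x10000

# Memory operands as the debugger prints them, e.g. "[edi+22h]" or "[esi+9Ch]".
OPERAND = re.compile(
    r"\[(?P<base>e[a-z]{2})(?:(?P<sign>[+-])(?P<disp>[0-9A-Fa-f]+)h?)?\]", re.I)
READ_ONLY = {"cmp", "test"}  # mnemonics that never write their memory operand


def effective_address(line, registers):
    """Return the 32-bit address touched by the memory operand in `line`."""
    m = OPERAND.search(line)
    if m is None:
        raise ValueError("no memory operand in: " + line)
    disp = int(m.group("disp"), 16) if m.group("disp") else 0
    if m.group("sign") == "-":
        disp = -disp
    return (registers[m.group("base").lower()] + disp) & 0xFFFFFFFF


def triage(line, registers):
    """Return (access kind, faulting address, verdict) for one instruction."""
    # Drop the current-instruction marker, the address column and any comment.
    text = re.sub(r"^[>\s]*(?:[0-9A-Fa-f]{8}\s+)?", "", line).split(";")[0]
    mnemonic, operands = text.split(None, 1)
    dest = operands.split(",")[0]
    kind = "write" if "[" in dest and mnemonic.lower() not in READ_ONLY else "read"
    addr = effective_address(text, registers)
    verdict = "near-null" if addr < NULL_GUARD_LIMIT else "investigate"
    return kind, addr, verdict


if __name__ == "__main__":
    # Faulting line and register state as reported in the message above.
    crash = ">6360CD44  cmp         byte ptr [edi+22h],0     ; edi = 0"
    print(triage(crash, {"edi": 0}))
    # Constructed contrast case: same instruction form, non-null base register.
    other = "6360CD38  mov         dword ptr [esi+9Ch],eax"
    print(triage(other, {"esi": 0x41414141}))
```

A "near-null" verdict only says the fault address is a small offset from a null base; whether the null pointer itself can be influenced still has to be checked in the callers on the stack.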

