lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4102A5A6.8050009@spymac.com>
From: trakz at spymac.com (Matt Houston)
Subject: Crash IE with 11 bytes ;)

I've been testing this under W2K with Moz. 1.6 and there is no sign of 
DoS. Mozilla handles this the usual way, this is what the source look 
like when you view it :

<STYLE></style>@;/*

The page just displays @;/* and the browser doesn't seem affected.

-----
Matt.

Phuong Nguyen wrote:
> Stephen,
> 
> I believe that is something new right there. So the <style>;@/* 
> partially DoS Mozilla too? Were you able to reproduce the situation? or 
> it just happened once? As far as I know, it doesn't have any effect on 
> Firefox on XP SP2 though. I wonder if anyone here experiences the same 
> thing about Mozilla?
> 
> Phuong
> 
> At 02:50 AM 7/24/2004, Stephen Taylor wrote:
> 
>> I don't understand the effect it has on Mozilla.  It certainly crashed 
>> my IE
>> but for Mozilla, the URL window displayed a diamond shape with a red "X"
>> through it. Mozilla was unresponsive afterwards. I had to close the 
>> window
>> to recover.  I am a W2K user at work.
>> ST
>>
>> -----Original Message-----
>> From: full-disclosure-admin@...ts.netsys.com
>> [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Phuong
>> Nguyen
>> Sent: Friday, July 23, 2004 1:49 PM
>> To: Marcel Krause
>> Cc: full-disclosure@...ts.netsys.com
>> Subject: Re: [Full-Disclosure] Crash IE with 11 bytes ;)
>>
>>
>> Oh, I actually didn't know about that! Coolio ;) !!
>>
>> Phuong
>>
>> At 12:47 AM 7/24/2004, Marcel Krause wrote:
>> >Hi!
>> >
>> >There is a similar Bug using about:<input%20type%20crash> .
>> >Well i think that's old news to you :)
>> >
>> >Yours, Marcel
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ