lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041020165726.ZNAH1249.fep10@avivraff> From: avivra at 012.net.il (Aviv Raff) Subject: Re: IE bugs (Was: Web browsers - a mini-farce) A collection of a lot of crashing scenarios in Mozilla can be found here: https://bugzilla.mozilla.org/buglist.cgi?query_format=&short_desc_type=allwo rdssubstr&short_desc=crash&product=Browser&product=Firefox&long_desc_type=su bstring&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whi teboard_type=allwordssubstr&status_whiteboard=&keywords_type=allwords&keywor ds=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailassigned_to1 =1&emailtype1=exact&email1=&emailassigned_to2=1&emailreporter2=1&emailqa_con tact2=1&emailtype2=exact&email2=&bugidtype=include&bug_id=&votes=&chfieldfro m=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=Reuse+same+sort+as+last+ti me&field0-0-0=noop&type0-0-0=noop&value0-0-0= I don't think that these and other not security related issues should be discussed here. --Aviv. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Berend-Jan Wever Sent: Wednesday, October 20, 2004 1:44 PM To: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] Re: IE bugs (Was: Web browsers - a mini-farce) Here's some IE bugs out of my own collection that still aren't patched (IE6.0 W2K): Stack overflows (_not_ buffer overflows): <HTML> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT> </HTML> <HTML> <BODY onLoad="A"><IMG src="::" onError="this.src=this.src;"></BODY> </HTML> Null pointer: <HTML style="width:expression(navigate('?#'))"> <HEAD> <META http-equiv="Page-Enter" content="blendTrans()"> </HEAD> </HTML> None of them pose a security-risk and they all require JavaScript. So now I actually forgot why I decided to mention them in a reply to this post. Well, maybe MS can fix them in the next SP now that they know about them... Cheers, SkyLined ----- Original Message ----- From: "Martin" <nakal@...fuerspam.de> To: "Michal Zalewski" <lcamtuf@...ttot.org> Cc: "Full Disclosure" <full-disclosure@...sys.com> Sent: Wednesday, October 20, 2004 02:38 Subject: Re: [Full-Disclosure] Web browsers - a mini-farce > Am Mo, den 18.10.2004 schrieb Michal Zalewski um 16:18: > > > All browsers but Microsoft Internet Explorer kept crashing on a regular > > basis > > Here, may I make your collection more complete? > > This one is for IE6 on MS-Windows 2000: > > <html><base href="ftp*://"> > <body> > <iframe src="????"/> > </body> > </html> > > Martin > > PS: No, it's not been discovered by your tool. And I reported > it already several years ago. > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ############################################################################ ######### This Mail Was Scanned by 012.net Anti Virus Service - Powered by TrendMicro Interscan
Powered by blists - more mailing lists