| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041227182507.32188.qmail@web20227.mail.yahoo.com> From: visitbipin at yahoo.com (bipin gautam) Subject: IE sp2 and Mozilla Firefox DoS. There is an issue with these browser rendering html's with long titles. Only Tested on: -------------- Internet Explorer(SP2): 6.0.2900.2180 Mozilla firefox: 1.0 Not affected: ------------- Mozilla Browser Have a look at, ___________________ <html> <head> <title> ....(put)3.5 MB OF data....... </html> ___________________ For IE beyond 1 Mb will just do fine. On execution, Mozilla Firefox starts filling up all the available system memory with 100% CPU use. Internet explorer renders 100% CPU use, but no system instability. (O; I've tested it on Windows XP SP2. Both Firefox & IE supports decompression method 'gzip' ie. an extended request header named HTTP_ACCEPT_ENCODING like HTTP_ACCEPT_ENCODING=gzip,deflate By this way, the file can be kept around few kilobytes in the server and delivered easily. I wonder, why such... simple issue went un-noticed to everyone for years... Bipin Gautam http://www.geocities.com/visitbipin/ http://www.nepsecure.tk __________________________________ Do you Yahoo!? The all-new My Yahoo! - Get yours free! http://my.yahoo.com
Powered by blists - more mailing lists