Open Source and information security mailing list archives
 
Message-ID: <20041227182507.32188.qmail@web20227.mail.yahoo.com>
From: visitbipin at yahoo.com (bipin gautam)
Subject: IE sp2 and Mozilla Firefox DoS.

There is an issue with these browsers rendering HTML
with long titles.
Only tested on:
--------------
Internet Explorer (SP2): 6.0.2900.2180
Mozilla Firefox: 1.0

Not affected:
------------- 
Mozilla Browser 

Have a look at, 
___________________ 
<html> 
<head> <title>  ....(put)3.5 MB OF data....... 

</html> 
___________________
 

For IE, beyond 1 Mb will do just fine. On execution,
Mozilla Firefox starts filling up all the available
system memory with 100% CPU use.

Internet Explorer renders 100% CPU use, but no system
instability. (O;
I've tested it on Windows XP SP2. 

Both Firefox & IE support the decompression method 'gzip',
i.e. an extended request header named
HTTP_ACCEPT_ENCODING like
HTTP_ACCEPT_ENCODING=gzip,deflate

This way, the file can be kept at around a few kilobytes
on the server and delivered easily. I wonder why
such a... simple issue went unnoticed by everyone for
years...
Bipin Gautam
http://www.geocities.com/visitbipin/
http://www.nepsecure.tk
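
Because the post notes that gzip keeps the on-wire file at a few kilobytes, a filtering proxy or scanner has to judge the decompressed size, not the transfer size. The following is an added example, not part of the original post: a bounded inflater with a title-length check, where the three limits and all function names are assumptions chosen for illustration.

```python
import gzip
import re
import zlib

# Assumed policy limits for a filtering proxy (not from the post).
MAX_BODY = 256 * 1024   # most decompressed bytes we are willing to inspect
MAX_TITLE = 1024        # longest <title> we accept
MAX_RATIO = 100         # largest decompressed/compressed ratio we accept

TITLE_OPEN = re.compile(rb"<title[^>]*>", re.I)
TITLE_CLOSE = re.compile(rb"</title\s*>", re.I)

def inflate_bounded(wire, limit=MAX_BODY):
    """Inflate a gzip body but stop after `limit` bytes of output.
    Returns (data, truncated) so the caller never buffers the full expansion."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)   # 16 + MAX_WBITS = gzip framing
    out = d.decompress(wire, limit + 1)           # max_length bounds the output
    return out[:limit], len(out) > limit

def inspect_response(wire):
    """Return the reasons to block a gzip-encoded HTML body; [] means pass."""
    try:
        body, truncated = inflate_bounded(wire)
    except zlib.error:
        return ["malformed gzip body"]
    reasons = []
    if truncated:
        reasons.append("decompressed body exceeds limit")
    if len(body) > MAX_RATIO * max(len(wire), 1):
        reasons.append("expansion ratio too high")
    m = TITLE_OPEN.search(body)
    if m:
        # An unclosed title runs to the end of what we inflated.
        end = TITLE_CLOSE.search(body, m.end())
        title_len = (end.start() if end else len(body)) - m.end()
        if title_len > MAX_TITLE:
            reasons.append("title too long")
    return reasons

def sample(title_len, closed=True):
    """Constructed test input: a gzip-compressed page with a title of given length."""
    tail = b"</title></head></html>" if closed else b"</html>"
    return gzip.compress(b"<html><head><title>" + b"A" * title_len + tail)

if __name__ == "__main__":
    for n in (4, 2000, 300 * 1024):
        wire = sample(n, closed=n < 100000)
        print(n, len(wire), inspect_response(wire))
```

The same limits can be applied chunk by chunk on a streamed response by feeding each chunk to the decompressor object and keeping a running output count.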


		