Message-ID: <200412272352.iBRNqGj6010264@frisbee.ada.mil>
From: dietz at dimecs.de (Sebastian Dietz)
Subject: IE sp2 and Mozilla Firefox DoS.

I observed something different. I tried the following:

Generated a file like:

<html>
<head><title> (4MB from /dev/urandom)
</html> (or </title></html>)

on a Gentoo Linux kernel 2.6.9 FireFox 1.0 512MB RAM and FireFox started to use
up to 70% of the memory and about 4 CPU minutes (1.4GHz Thunderbird) and then
displayed the page. (some in the title, the rest in the main window)

After switching to a new page, FireFox did not free the big chunk of memory,
but responded like normal. Actually I am writing this mail with this instance.
When closing FireFox the mem is freed of course. So I think this is not really a
DoS against FireFox 1.0 on Linux, but a serious problem for multi-user
systems.

ciao

Execute

On 27.12.2004 at 21:20:13, bipin gautam <visitbipin@...oo.com> wrote:

> There is an issue with these browser rendering html's
> with long titles. 
> Only Tested on: 
> -------------- 
> Internet Explorer(SP2): 6.0.2900.2180 
> Mozilla firefox: 1.0 
> 
> Not affected:
> ------------- 
> Mozilla Browser 
> 
> Have a look at, 
> ___________________ 
> <html> 
> <head> <title>  ....(put)3.5 MB OF data....... 
> 
> </html> 
> ___________________
>  
> 
> For IE beyond 1 Mb will just do fine. On execution,
> Mozilla Firefox starts filling up all the available
> system memory with 100% CPU use. 
> 
> Internet explorer renders 100% CPU use, but no system
> instability. (O; 
> I've tested it on Windows XP SP2. 
> 
> Both Firefox & IE support decompression method 'gzip'
> ie. an extended request header named
> HTTP_ACCEPT_ENCODING like 
> HTTP_ACCEPT_ENCODING=gzip,deflate 
> 
> By this way, the file can be kept around few kilobytes
> in the server and delivered easily. I wonder, why
> such... simple issue went un-noticed to everyone for
> years... 
> 
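
The quoted message notes that gzip lets a page of several megabytes travel as a few kilobytes, so a filtering proxy cannot judge such a page by its size on the wire. The following is an added example, not part of either post: a gateway-side check that inflates the body in bounded steps and caps the length of the title, treating a title that is never closed as running to the end of the document. The function names and the 1 MiB and 1 KiB limits are assumptions.

```python
import gzip
import re
import zlib

MAX_BODY = 1 << 20    # assumed policy: at most 1 MiB of decompressed HTML
MAX_TITLE = 1024      # assumed policy: at most 1 KiB inside <title>
TITLE_OPEN = re.compile(rb"<title[^>]*>", re.IGNORECASE)
TITLE_CLOSE = re.compile(rb"</title\s*>", re.IGNORECASE)


def inspect_gzip_html(body, max_body=MAX_BODY, max_title=MAX_TITLE):
    """Return (verdict, bytes_inflated) for a gzip-encoded HTML response body."""
    inflater = zlib.decompressobj(wbits=31)  # wbits=31: gzip header and trailer
    html = bytearray()
    data = body
    try:
        # Inflate 4 KiB at a time so a tiny body cannot expand without limit.
        while data and not inflater.eof:
            html += inflater.decompress(data, 4096)
            data = inflater.unconsumed_tail
            if len(html) > max_body:
                return "reject: body over cap", len(html)
        html += inflater.flush()
    except zlib.error:
        return "reject: bad gzip", len(html)
    if len(html) > max_body:
        return "reject: body over cap", len(html)
    opened = TITLE_OPEN.search(html)
    if opened:
        # A title that is never closed runs to the end of the document.
        closed = TITLE_CLOSE.search(html, opened.end())
        end = closed.start() if closed else len(html)
        if end - opened.end() > max_title:
            return "reject: title over cap", len(html)
    return "ok", len(html)


def sample(title_bytes, close=True):
    """Constructed test input: gzip-compressed page with a title of given size."""
    page = b"<html><head><title>" + b"A" * title_bytes
    page += b"</title></head></html>" if close else b"</html>"
    return gzip.compress(page)


if __name__ == "__main__":
    for size, close in ((20, True), (100_000, False), (4_000_000, False)):
        body = sample(size, close)
        print(size, len(body), inspect_gzip_html(body))
```

The second element of the result shows how much was inflated before the decision, which for an oversized body stays within one 4 KiB step of the cap.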
