Open Source and information security mailing list archives
From: visitbipin at yahoo.com (bipin gautam)
Subject: IE sp2 and Mozilla Firefox DoS.


--- "ALD, Aditya, Aditya Lalit Deshmukh"
<aditya.deshmukh@...ine.gateway.expertworks.net>
wrote:

> >
> > Both Firefox & IE support the decompression method 'gzip', i.e. an extended request header named HTTP_ACCEPT_ENCODING like
> > HTTP_ACCEPT_ENCODING=gzip,deflate
> 
> 
> > By this way, the file can be kept at around a few kilobytes on the server and delivered easily. I wonder why such a... simple issue went unnoticed by everyone for years...
> 
> 
> Dear bipin,
> 
> Good observation! Works for me on Mozilla 1.7.5, also on Win2k SP4 and all other patches.
> 
> But is this not a small issue that can happen to any kind of data? .... 3.5 MB of data as a pic image, or a pic with very high width, will also do the same, and there will certainly be more of such DoSs.
That was an old advisory! But I think this issue has been fixed:
http://www.geocities.com/visitbipin/crazy0.html
http://www.securityfocus.com/bid/10913

Yep, that's why I specifically mentioned the...
HTTP_ACCEPT_ENCODING=gzip,deflate  (O;
Moreover, when the file is being downloaded from a remote server and being loaded, the DoS has already been triggered! I'd only tested it on Mozilla Browser (Linux) and falsely concluded Mozilla isn't prone to this bug!

Can anyone test it for Opera as well?
regards,
bipin
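A defensive counterpart to the behaviour discussed in this thread, added here as an example (it is not code from the thread or from either browser): a gzip decoder that enforces an output budget, so a few-kilobyte `Content-Encoding: gzip` body cannot be inflated without bound by a client or proxy. The sample bodies are constructed for the demonstration.

```python
import gzip
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when a gzip body would inflate past the caller's byte budget."""


def bounded_gunzip(compressed: bytes, max_output: int) -> bytes:
    """Inflate a gzip-encoded body, but stop once output would exceed max_output bytes.

    gzip.decompress() allocates whatever the stream expands to, so a few-kilobyte
    response can turn into hundreds of megabytes in memory. Streaming through
    zlib.decompressobj with max_length keeps the allocation bounded to the budget
    and lets the caller abort early instead of exhausting memory.
    """
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)   # 16+ selects gzip framing
    out = bytearray()
    pending = compressed
    while not d.eof:
        room = max_output + 1 - len(out)      # +1: let the first excess byte through so it is detectable
        before = len(pending)
        produced = d.decompress(pending, room)
        out += produced
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"{len(compressed)} compressed bytes inflate past the {max_output}-byte budget")
        pending = d.unconsumed_tail
        if not produced and len(pending) == before and not d.eof:
            raise ValueError("truncated or stalled gzip stream")
    return bytes(out)


def audit_response(compressed: bytes, budget: int) -> dict:
    """Summarise what accepting this body would cost, as a proxy or client might log it."""
    try:
        body = bounded_gunzip(compressed, budget)
    except DecompressionLimitExceeded:
        return {"compressed": len(compressed), "accepted": False, "decompressed": None, "ratio": None}
    return {"compressed": len(compressed), "accepted": True,
            "decompressed": len(body), "ratio": len(body) // max(len(compressed), 1)}


# Constructed samples: 4 MiB of zero bytes gzips to a few KiB, i.e. the shape of
# response the thread describes (tiny on the wire, large once the browser inflates it).
HIGHLY_COMPRESSIBLE_BODY = gzip.compress(b"\0" * (4 * 1024 * 1024))
NORMAL_BODY = gzip.compress(b"<html><body>hello</body></html>")

if __name__ == "__main__":
    print(audit_response(NORMAL_BODY, budget=1024 * 1024))
    print(audit_response(HIGHLY_COMPRESSIBLE_BODY, budget=1024 * 1024))
    print(audit_response(HIGHLY_COMPRESSIBLE_BODY, budget=8 * 1024 * 1024))
```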

