lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f3ddb5d0704171650y40db2a93m66ed0450008a05cb@mail.gmail.com>
Date: Tue, 17 Apr 2007 16:50:58 -0700
From: Troy <gimmespam@...il.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Internet Explorer Crash

On 4/17/07, J. Oquendo <sil@...iltrated.net> wrote:
>
> III SOLUTION
> Stop using Microsoft products or deal with a new advisory every other
> day.



As the replies have shown, this isn't limited to IE7. It happens in Firefox
too, so your solution won't work. :)

In this particular case, IE7 actually handles the loop better than Firefox.
First, I had to actively tell IE, "Yes, I want to run the script." After a
short time, IE came up with a prompt asking if I want to continue running
the script because it's causing my system to be slowed down. Memory usage
shot up about 200 MiB. As soon as I clicked "No" on the dialog, everything
was back to normal.

With Firefox, I had to close the tab manually, which wasn't exactly easy to
do since Firefox was barely responding. In fact, my entire system had slowed
down since Firefox was eating up about 700 MiB of memory, which pushed me
into heavy virtual memory usage.

It didn't DoS me. It stopped me from visiting other web pages for about a
minute, but I recovered without having to restart my system. The rest of my
system was completely usable while IE attempted to run the script, though
that may not have been true with a single core system. There was no crash,
and memory usage, while high, was reasonable.

-- 
Troy

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ