Bugtraq mailing list archives
Re: Object tag crashes Internet Explorer 4.0
From: paulle () MICROSOFT COM (Paul Leach)
Date: Thu, 6 Aug 1998 01:53:25 -0700
-----Original Message----- From: dzp () poboxes com [mailto:dzp () poboxes com] Sent: Wednesday, August 05, 1998 3:27 PM Please remember - the computation _terminated_ with a behaviour normally considered to be some sort of bug.
Considered by whom? Someone who couldn't tell the difference between a long filename buffer overrun bug (which we said we'd fixed) and a self-referential object tag, so essentially accused us of lying about fixing the bug, and who couldn't write clearly anyway? As a result, I just didn't care about the precise problem reported, and was commenting on the problem of "bad" web pages in general. If we started examining web pages to analyze them and catch "bad" ones before we executed them, it is indeed true we could catch many bad ones. However, every one we don't catch would be a "YET ANOTHER MAJOR MS SECURITY HOLE", and the theory tells us we can't catch all of them. So, we're just not going to start down that path. If a site has pages that cause your browser to restart, don't go there again; set your Zones to stop you if you really want. No serious site has any interest in allowing such pages to exist on its site, and about all you lose when the browser restarts is the history list, since it's about as stateless as you can get in an app (except for its config data, which isn't lost anyway).
Current thread:
- Sendmail up to 8.9.1 - mail.local instroduces new class of bugs, (continued)
- Sendmail up to 8.9.1 - mail.local instroduces new class of bugs Michal Zalewski (Jul 09)
- Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Jeremiah Rothschild (Aug 10)
- Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Scott Stone (Aug 10)
- Network Associates Inc. Advisory (OpenBSD) Security Research Labs (Aug 10)
- Sendmail up to 8.9.1 - mail.local instroduces new class of bugs Michal Zalewski (Jul 09)
- Re: Object tag crashes Internet Explorer 4.0 Alan Cox (Aug 07)
- Description of the Eudora Security Hole Aleph One (Aug 07)
- resend Steve Bellovin (Aug 06)
- Re: resend Casper Dik (Aug 07)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 04)
- Re: Object tag crashes Internet Explorer 4.0 Joe (Aug 05)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 06)
- Re: Object tag crashes Internet Explorer 4.0 Roger Espel Llima (Aug 06)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 06)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 06)
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 06)
- Re: Object tag crashes Internet Explorer 4.0 Florian Weimer (Aug 08)