Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IE sp2 and Mozilla Firefox DoS.

From: phased <phased () mail ru>
Date: Tue, 28 Dec 2004 17:51:09 +0300
Probably because there is a simple solution, close the browser, end of
problem.

-----Original Message-----
From: bipin gautam <visitbipin () yahoo com>
To: full-disclosure () lists netsys com
Date: Mon, 27 Dec 2004 10:24:14 -0800 (PST)
Subject: [Full-disclosure] IE sp2 and Mozilla Firefox DoS.



There is an issue with these browser rendering html's
with long titles. 
Only Tested on: 
-------------- 
Internet Explorer(SP2): 6.0.2900.2180 
Mozilla firefox: 1.0 

Not affected:
------------- 
Mozilla Browser 

Have a look at, 
___________________ 
<html> 
<head> <title>  ....(put)3.5 MB OF data....... 

</html> 
___________________
 

For IE beyond 1 Mb will just do fine. On execution,
Mozilla Firefox starts filling up all the available
system memory with 100% CPU use. 

Internet explorer renders 100% CPU use, but no system
instability. (O; 
I've tested it on Windows XP SP2. 

Both Firefox & IE supports decompression method 'gzip'
ie. an extended request header named
HTTP_ACCEPT_ENCODING like 
HTTP_ACCEPT_ENCODING=gzip,deflate 

By this way, the file can be kept around few kilobytes
in the server and delivered easily. I wonder, why
such... simple issue went un-noticed to everyone for
years... 


              
__________________________________ 
Do you Yahoo!? 
Send holiday email and support a worthy cause. Do good. 
http://celebrity.mail.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: