Vulnerability Development mailing list archives
Re: IE5 Crash
From: Dzzie Z <dzzie () YAHOO COM>
Date: Thu, 28 Dec 2000 02:17:19 -0500
1) Javascript Recognized But Not Instantiated: The HTTP Redirection code knows enough about Javascript to recognize it being called, but doesn't know enough to actually complete the call.
it is a strange crash...before my system updates, javascript alerts would fire when being fired from this method, might be worth saying that at that time I only tried with built in objects and no quotes like navigator.userAgent...if you do a javascript: redirect in response to the browser following the click of a link...you can get about anythign to run, acting as though the javascript: url had been typed into the page... the real idea of this came from one of Guninski's cross frame exploits where he used a js redirection triggered from a window.open event to run code that could access frames in different security zones. http://www.guninski.com/jsredir1-desc.html trying to get a browser to automatically trigger such an event with the img src= was just kind of a logical side step...
Do all Javascript references cause failures, or just this one? What about vbscript?
after I updated my scriptign engines to version 5.6 everything script related is crashing me both in vbscript and jscript...oddly enough they only crash the current IE window other windows are unaffected...I also noticed that the file:// con\con crash was enough to crash it out (not the BSOD just the same URLMON.DLL crash) but file://c:\windows\clouds.gif returned fine... I suppose this is just another one of those lame bugs out there..but it is curious to tinker with anyway...I really dont have the expertise to do much more with this...I was just bringing up the idea to others...anyways thanks for the thoughts : )
Current thread:
- IE5 crash Dzzie Z (Dec 23)
- Re: IE5 crash Dan Kaminsky (Dec 25)
- Re: IE5 crash Mulder (Dec 26)
- <Possible follow-ups>
- Re: IE5 crash Doe, John (Dec 25)
- Re: IE5 Crash Dzzie Z (Dec 28)