Bugtraq mailing list archives
Re: Object tag crashes Internet Explorer 4.0
From: paulle () MICROSOFT COM (Paul Leach)
Date: Tue, 4 Aug 1998 13:57:39 -0700
On the contrary -- Jason's claim was correct. Your example uses a different object tag and it completely different in nature from the bug that was fixed: the bug had to do with excessively long file names in HTLM tags, yours has to do with infinite recursion. Yours can not be exploited to run untrusted code, unlike the other. The possibility of infinite loops and infinite recursion in HTML has been discussed on the lists before. Trying to detect and prevent them is an instance of the "Turing machine halting" problem, and it is well known among computer scientists to be impossible.
-----Original Message----- From: Adam Monaghan [mailto:adamm () GORGE NET] Sent: Thursday, July 30, 1998 9:34 AM To: BUGTRAQ () NETSPACE ORG Subject: Re: Object tag crashes Internet Explorer 4.0 I hate to question your credibility, but you're wrong, im on win98 with the latest version of IE and the object tag will crash my browser and trash my systray just like on any other machine, of course the one we used wasn't the one at the bottom, you have an html file called the data object <object data="crashmehtml.html"></object> in other words, put that tag in an html file called crashmehtml.html. We got a kick out of it in the office
Current thread:
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 04)
- linux kernel patch - suid procs exec'd with bad 0,1,2 fds Zachary Amsden (Aug 04)
- Re: Object tag crashes Internet Explorer 4.0 Kragen (Aug 04)
- Re: Object tag crashes Internet Explorer 4.0 Pavel Kankovsky (Aug 05)
- Re: Object tag crashes Internet Explorer 4.0 David Damerell (Aug 06)
- Sendmail up to 8.9.1 - mail.local instroduces new class of bugs Michal Zalewski (Jul 09)
- Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Jeremiah Rothschild (Aug 10)
- Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Scott Stone (Aug 10)
- Network Associates Inc. Advisory (OpenBSD) Security Research Labs (Aug 10)
- Sendmail up to 8.9.1 - mail.local instroduces new class of bugs Michal Zalewski (Jul 09)
- Re: Object tag crashes Internet Explorer 4.0 Alan Cox (Aug 07)
- Description of the Eudora Security Hole Aleph One (Aug 07)