Full Disclosure mailing list archives
RE: IE sp2 and Mozilla Firefox DoS.
From: bipin gautam <visitbipin () yahoo com>
Date: Tue, 28 Dec 2004 05:56:40 -0800 (PST)
--- "ALD, Aditya, Aditya Lalit Deshmukh" <aditya.deshmukh () online gateway expertworks net> wrote:
Both Firefox & IE supports decompression method'gzip'ie. an extended request header named HTTP_ACCEPT_ENCODING like HTTP_ACCEPT_ENCODING=gzip,deflateBy this way, the file can be kept around fewkilobytesin the server and delivered easily. I wonder, why such... simple issue went un-noticed to everyoneforyears...Dear bipin, Good observation ! Works for me on mozilla 1.7.5 also on win2k sp4 and all other patches But Is this not a small issue that can happen to kind of data? .... 3.5 mb of data as a pic image or a pic with very high width will also do the same and there will certainly be more of such doss`
that was one of an old advisory! but, i think this issue has been fixed. http://www.geocities.com/visitbipin/crazy0.html http://www.securityfocus.com/bid/10913 yap, that's why I specifically mentioned the... HTTP_ACCEPT_ENCODING=gzip,deflate (O; Moreover, when the file is being download from a remote server and being loded, the DoS has already been triggered! I'd only tested it on Mozilla Browser(Linux) and falsely concluded Mozilla isn't pron to this bug! Can anyone test it for OPERA as well? regard, bipin __________________________________ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: IE sp2 and Mozilla Firefox DoS. morning_wood (Jan 05)
- <Possible follow-ups>
- Re: IE sp2 and Mozilla Firefox DoS. phased (Jan 06)
- Re: IE sp2 and Mozilla Firefox DoS. Sebastian Dietz (Jan 06)
- RE: IE sp2 and Mozilla Firefox DoS. bipin gautam (Jan 06)