Full Disclosure mailing list archives
Re: Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explorer JavaScript Window() Vulnerability
From: Daniel Veditz <dveditz () cruzio com>
Date: Tue, 22 Nov 2005 08:57:06 -0800
Toufeeq Hussain wrote:
Security Advisory (Reclassification) :: CT21-11-2005 ----------------------------------------------------- Title: Microsoft Internet Explorer JavaScript Window() VulnerabilityIs it just me or did this exploit just DOS'ed my Firefox 1.0.7(Debian Linux). Just try the Windows XP Link given in the POC URL. Firefox just hung with 100% CPU utilization.
This does DOS Firefox (and the Mozilla Suite), tracked at https://bugzilla.mozilla.org/show_bug.cgi?id=317334 The problem appears to be related to trying to reflow Bi-directional text, we've chunked the 200K character prompt dialog into 66K internal chunks and appear to have a really sucky algorithm for doing so. Eventually Firefox will show the prompt dialog and continue on normally (where eventually can be up to a couple of minutes). -Dan Veditz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explorer JavaScript Window() Vulnerability securityadvisory (Nov 21)
- Re: Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explorer JavaScript Window() Vulnerability Toufeeq Hussain (Nov 21)
- Re: Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explorer JavaScript Window() Vulnerability Michael Holstein (Nov 21)
- Re: Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explorer JavaScript Window() Vulnerability foo_labs () yahoo co in (Nov 21)
- Re: Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explorer JavaScript Window() Vulnerability Daniel Veditz (Nov 22)
- Re: Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explorer JavaScript Window() Vulnerability Toufeeq Hussain (Nov 21)