Vulnerability Development mailing list archives

Re: VULN-DEV Digest - 8 Feb 2000 to 9 Feb 2000 (#2000-29)

From: Yugoslavia () CANADA COM (PCbob - Slobodan miskoviC)
Date: Thu, 10 Feb 2000 20:49:09 -0800


Devil Man wrote:

Put 37 concatenated "its:" strings as a target url and IE4 crashes
when trying to handle that url.. No I don't know if you wanted
to know this.

<a

href="its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:its:.">do

not click me</a>


This does not effect UNIX and or LINUX version of netscape tested on Netscape
verisons 4.04, 4.5, 4.7.


Of course it will not crash any browser other than M$ IE, 'cause no
other browser uses ``its:'' for anything. I tried ``about:about:...''
(probably much more than 50 `about:'s, just used copy/paste :) under
communicator 4.61 and nothing happened (excet he displayed the page with
realy long horizontal scrool bar)

best regards
Slobodan

Current thread:

Re: VULN-DEV Digest - 8 Feb 2000 to 9 Feb 2000 (#2000-29) Devil Man (Feb 10)
- Re: VULN-DEV Digest - 8 Feb 2000 to 9 Feb 2000 (#2000-29) PCbob - Slobodan miskoviC (Feb 10)