RE: DoS_Browser

["Wolf, Glenn" <glenn.wolf () we-inc com>]

Unless you DoS the user by inducing a seizure with flashing colors...

Another related quasi-DoS I have seen is self-referencing framesets which
tend to chew up memory VERY quickly.  (i.e., create a page divided into 4
frames, each of which use the main page file as their source, causing them
each to divide into 4 frames... so you get 4 frames, then 16, then 256, then
65536, etc. until the browser chokes -- on Win95 this caused a BSOD)

Glenn


-----Original Message-----
From: Elan Hasson [mailto:elan () daryl org]
Sent: Thursday, June 27, 2002 9:21 AM
To: FBE FBE; bugtraq-help () securityfocus com;
incidents-help () securityfocus com; vuln-dev () securityfocus com
Subject: RE: DoS_Browser


That's not a DoS!

There was a thread about this earlier..Its just an infinate loop that does a
bit of color changing.

-----Original Message-----
From: FBE FBE [mailto:nms_fbe () hotmail com]
Sent: Tuesday, June 25, 2002 7:41 AM
To: bugtraq-help () securityfocus com; incidents-help () securityfocus com;
vuln-dev () securityfocus com
Subject: DoS_Browser




Name      : DoS on IE ( All Version ) , outlook ( all version ), Motzilla (
all browser )
Date      : june 25, 2002
Product   : Internet Explorer ( all version )
            Outlook ( all version )
            Mozilla ( all version )

Vuln Type : DoS Vulnerability
Severity  : HIGH RISK

Infos :
An insertion of code HTML below makes it possible to make a Back on the
totality of Browser.
This problem after surroundings 20 second (on Windows) can generate a stop
of service on the programs running.  During shutdow the PC an error OE
appears.

On linux ( Motzilla )
Only the browser will stop

Source Code :

It's possible to insert this code on mail ( same result) DoS on outlook and
possibility to put a various code ( virus and other )

Regards