[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS.
- To: bipin gautam <visitbipin@xxxxxxxxx>
- Subject: Re: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS.
- From: phased <phased@xxxxxxx>
- Date: Tue, 28 Dec 2004 17:51:09 +0300
Probably because there is a simple solution, close the browser, end of
problem.
-----Original Message-----
From: bipin gautam <visitbipin@xxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxx
Date: Mon, 27 Dec 2004 10:24:14 -0800 (PST)
Subject: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS.
>
> There is an issue with these browser rendering html's
> with long titles.
> Only Tested on:
> --------------
> Internet Explorer(SP2): 6.0.2900.2180
> Mozilla firefox: 1.0
>
> Not affected:
> -------------
> Mozilla Browser
>
> Have a look at,
> ___________________
> <html>
> <head> <title> ....(put)3.5 MB OF data.......
>
> </html>
> ___________________
>
>
> For IE beyond 1 Mb will just do fine. On execution,
> Mozilla Firefox starts filling up all the available
> system memory with 100% CPU use.
>
> Internet explorer renders 100% CPU use, but no system
> instability. (O;
> I've tested it on Windows XP SP2.
>
> Both Firefox & IE supports decompression method 'gzip'
> ie. an extended request header named
> HTTP_ACCEPT_ENCODING like
> HTTP_ACCEPT_ENCODING=gzip,deflate
>
> By this way, the file can be kept around few kilobytes
> in the server and delivered easily. I wonder, why
> such... simple issue went un-noticed to everyone for
> years...
>
>
>
> __________________________________
> Do you Yahoo!?
> Send holiday email and support a worthy cause. Do good.
> http://celebrity.mail.yahoo.com
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html