[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS.

To: "'bipin gautam'" <visitbipin@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS.
From: "ALD, Aditya, Aditya Lalit Deshmukh" <aditya.deshmukh@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 28 Dec 2004 02:50:50 +0530

>
>Both Firefox & IE supports decompression method 'gzip'
>ie. an extended request header named
>HTTP_ACCEPT_ENCODING like 
>HTTP_ACCEPT_ENCODING=gzip,deflate 


>By this way, the file can be kept around few kilobytes
>in the server and delivered easily. I wonder, why
>such... simple issue went un-noticed to everyone for
>years... 


Dear bipin, 

Good observation ! Works for me on mozilla 1.7.5 also on win2k sp4 and all
other patches 

But Is this not a small issue that can happen to kind of data? .... 3.5 mb
of data as a pic image or a pic with very high width will also do the same
and there will certainly be more of such doss` 

-aditya



________________________________________________________________________
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] [ GLSA 200412-25 ] CUPS: Multiple vulnerabilities
Next by Date: Re: [Full-Disclosure] MySQL and the user "su"
Previous by thread: Re: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS.
Next by thread: [Full-Disclosure] MDKSA-2005:002 - Updated wxGTK2 packages fix vulnerabilities
Index(es):
- Date
- Thread