Another set of Vulnerabilities in Opera, Mozilla & Lynx, Discovered

Discussion in 'other security issues & news' started by the mul, Oct 21, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Another set of vulnerabilities found today... :eek:

    Opera HTML Parsing Errors Let Remote Users Deny Service

    Impact: Denial of service via network
    Exploit Included: Yes
    Description: A vulnerability was reported in Opera in the parsing of HTML. A remote user can create HTML that, when loaded by the target user, will cause the target user's browser to crash.

    Michal Zalewski reported that certain HTML tag sequences and formatting can cause denial of service conditions.

    An excessive COL SPAN within a TBODY section will trigger a crash.

    http://securitytracker.com/alerts/2004/Oct/1011811.html

    Mozilla HTML Parsing Errors Let Remote Users Deny Service

    Impact: Denial of service via network
    Exploit Included: Yes
    Description: A vulnerability was reported in Mozilla in the parsing of HTML. A remote user can create HTML that, when loaded by the target user, will cause the target user's browser to crash.

    Michal Zalewski reported that certain HTML tag sequences and formatting can cause denial of service conditions.

    Some TEXTAREA, INPUT, FRAMESET, and IMG tags followed by a NUL and some additional characters can trigger a crash.

    Also, an "unusual combination of visual elements" can trigger a crash.

    http://securitytracker.com/alerts/2004/Oct/1011810.html

    Lynx HTML Parsing Errors Let Remote Users Deny Service

    Impact: Denial of service via network
    Exploit Included: Yes
    Description: A vulnerability was reported in Lynx in the parsing of HTML. A remote user can create HTML that, when loaded by the target user, will cause the target user's browser to crash.

    Michal Zalewski reported that certain HTML tag sequences and formatting can cause denial of service conditions.

    "Broken HTML" can trigger a crash.

    http://securitytracker.com/alerts/2004/Oct/1011809.html


    THE MUL
     
Loading...
Thread Status:
Not open for further replies.