I went to the security focus site and then went to:
http://lcamtuf.coredump.cx/mangleme/mangle.cgi
then ended up at:
http://lcamtuf.coredump.cx/mangleme/mangle2.cgi
Is this supposed to crash my browser? It did not happen for me on mozilla 1.6. Does this only happen on the windows platform?
Nebergall, Christopher wrote:
Slashdot pointed to some articles about this in English.
http://it.slashdot.org/article.pl?sid=04/10/19/0236213&tid=113&tid=128&t id=154&tid=218
http://www.securityfocus.com/archive/1/378632/2004-10-15/2004-10-21/0
Besides the randomly generated code which will supposedly Mozilla (I must not have used it long enough, I couldn't get firefox to die), they mention specific files they have kept which will kill Mozilla named mozilla_die?.htm.
-Christopher
-----Original Message-----
From: Marko Steinberger [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 20, 2004 10:50 AM
To: [EMAIL PROTECTED]
Subject: Only MS ie a robust browser?
Hello,
today there was a short article posted in german www.heise.de (http://www.heise.de/newsticker/meldung/52317), that reported about some studies a polish security expert called Michal Zalewski made towards the handling of improper HTMl-pages. Testing candidates where Internet Explorer, Mozilla, Firefox and Opera. With the ie alternatives he expierienced the most crashes, buffer overflows etc. as the article pointed out. He has published some test cases. You can find them following the Link called "Demonstration" (BE CAREFUL !) in the article found in the above URL. I've just a few of them myself with Mozilla 1.7.3 resulting in Mozilla crashing.
So I suggest that any Developer should have a look at this, because advantage in security above ie is a big reason for why people begin to choose more and more ie alternatives like e.g. Firefox.
best regards Marko Steinberger _______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security
_______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security
