[13359] in bugtraq
Re: XML in IE 5.0
daemon@ATHENA.MIT.EDU (Mike Brown)
Fri Jan 14 23:50:11 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20000114030429.7412.qmail@hyperreal.org>
Date: Thu, 13 Jan 2000 19:04:29 -0800
Reply-To: mike@HYPERREAL.ORG
From: Mike Brown <mike@HYPERREAL.ORG>
X-To: Mikael Olsson <mikael.olsson@enternet.se>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <387E5D11.9A0CB18@enternet.se> from Mikael Olsson at "Jan 14,
2000 00:17:37 am"
Mikael Olsson wrote:
> > I also don't see what this potential bug in the parser has to do with
> > computer security.
>
> A-hem.
>
> "Since we should be able to rely upon everyone sending us
> well-formed and validated data that conform to all standards,
> it doesn't matter if the software that we use to receive it
> is crappy. No one would willingly do us any harm!"
>
> (I'm sorry about the harsh tone, but, to me, that's the sum total
> of what you're saying?)
Not really. I'm not excusing the bug. They should fix it. I'm just saying
that in my opinion, being able to send a browser some data that makes it
hang doesn't necessarily constitute a denial of services. You can still
close out of the browser and probably not lose much available memory, I
assume, and no other services are affected other than the one browser
process.
You can do the same thing to Netscape Navigator (funny how *their* bugs
are less offensive to people) by making a valid HTML document (of course,
"valid HTML" still has a lot of leeway) containing nested tables or lists,
about 15 levels deep. I have an example of this at:
http://www.skew.org/xml/tree_viewers/sample_output.html
(not a plug; just don't expect the page to load in most versions of
Navigator)
> I do agree that this particular bug won't "compromise" your
> system per se, but what about continually mailing large XML
> to someone using Outlook or some other mail software that
> uses MSIE to display HTML/XML?
Good point. I didn't think of that. MSIE's rendering engine is available
for use by other applications, so they'd potentially be affected as well.
Too bad this wasn't mentioned in the original post.
Of course, along those same lines, continually mailing large files can
cause many problems when disks start filling up.
