Slashdot Mirror

← Back to Stories (view on slashdot.org)

HTML Rendering Crashes IE

Posted by michael on from the tough-job dept.

SlimySlimy writes "According to this article on Secunia, a new IE exploit was found that crashes almost any version of Internet Explorer past 4.0 with just 5 lines of plain HTML code (no JavaScript, ActiveX, etc.). If you're very brave, you can test/crash your IE by going here." There's also a note on SecurityFocus.

13 of 887 comments (clear)

  1. OS X IE Is Unaffected by WiseWeasel · · Score: 5, Interesting

    It seems that IE 5.x on MacOS X is not affected by this. Not that it's such a big deal, I imagine any affected Windows versions of IE can be relaunched and people will just avoid going to places with such code. I fail to see the significance. Oh well, glad to see their Mac port is more stable in this regard.

    --
    "I like systems, their application excepted", George Sand (French)
  2. Re:Phoenix by thesadjester · · Score: 5, Interesting

    Well, just to note, the Mac OS X version of IE did NOT crash. However, anyone using IE on mac when Camino, Mozilla, and Safari are well put together should have their head examined. Don't forget Opera too.

    The bug seems to be Windows only....so the Mac coders at MS may be better coders...who knows.

    --
    -gabe
  3. bah by chadamir · · Score: 5, Interesting

    people are up in arms over this because it's an ms blunder. It does nothing more than simply halt your browser. As many can testify, halted browsers happen with any of the many browser flavors available.

    I heard someone suggest they hire better testers? How was anyone supposed to test for this. I know this is /. and trolling about MS is ok, but I mean come on, how could anyone see that coming.

    The fact remains though that this crash isn't really that big of a deal. Sure it crashes IE, but it's not like most content webpages want their reader's browsers crashing when they reach the page. Who do we have to worry about? HTML enabled web boards? I have to worry about someone linking c:\con\con as an image everytime I click a link. You just go on with your life. If they are stupid enough to have html enabled then it's their problem, not MS's.

    --
    NJ Local Music Scene
  4. Hah! I've got something that will crash IE also.. by [PF]+Lurch · · Score: 5, Interesting
    Ran into this while doing some website design, simplified the problem down to this. Note, the green background is just so you can see the cell a little better.



    <html>
    <head>
    <style>
    .header
    {
    position: fixed;
    background-color: green;
    }
    </style>
    </head>

    <body>
    <table border=1>
    <tr>
    <td class="header">sdf</td><td>sdfsdfsdf</td>
    </tr>
    </body>
    </html>

    You have to mouseover the table cells and you will get a gpf. Should work on IE 5.5 and 6.0.

    note: there is a bogus semicolon after the /td when I preview this post... it shouldn't be there, but I can't get rid of it.

  5. what happens? by scubacuda · · Score: 3, Interesting
    Does anyone actually *know* what happens when you submit these errors to Microsoft?

  6. Pretty simple bug really by JanusFury · · Score: 3, Interesting

    If you skip over the assembly instruction that causes the exception in a debugger, everything works fine. So if anyone pulls this trick on you, just open the debugger and skip the instruction. :) That, or get a better browser.

    --
    using namespace slashdot;
    troll::post();
  7. I just found what to auto answer to all my spam... by ArcticCelt · · Score: 5, Interesting

    "This HTML also crash Outlook" Sweet, I just found what to auto answer to all my spam. Of course with a subject line that says: I am very interested to buy your products.

    --

    Yahh, hiii haaaaa! -Major Kong, from Dr. Strangelove
  8. Re:mozilla crashes too by arvindn · · Score: 5, Interesting
    Even simpler:

    <script> for(;;){window.open('');} </script>

    Just tried with mozilla 1.2.1: froze.

    OTOH:

    <script> for(;;){} </script>

    If I do this a dialog pops up saying: "A script on this page is trying to screw you. Do you want to kill it?" (not in those words though :)

  9. Re:Wonder if that works deeper in a page by goph · · Score: 3, Interesting

    actually it could indeed...

    just putting "about:<input type crash>" in the url bar already worked...

    which is just 1 line

  10. Re:mozilla crashes too by metalpet · · Score: 5, Interesting

    That's actuallly a good point.
    Everybody who has spent any time developing web pages has learnt that bad (and sometimes even good) html can crash browsers.

    Are we *that* confident in the maturity of our web browsers that causing a browser crash is nowadays considered a serious issue?

    Before jumping the gun on parsing errors that kill the app, it might be smart to go over design errors first (scripts that keeps on going and that bypass the simple "lengthy script" checks are a good example. recursive frameset tricks would qualify too.). I've yet to see a full-featured browser that doesn't choke and/or die when presented with the right mix of recursion, active content and wickedness.

    <tidbit type=outdated>
    Netscape 3 had a neat crash code:
    <script>delete new Location</script>
    The neat part about it is that 2 of those 3 words were undocumented.
    Of course any attempt to pass that as a security concern back then would have been laughed at. loudly.
    I'm not sure what has fundamentally changed since then.
    </tidbit>

  11. Careful with those emails! by Anonymous Coward · · Score: 5, Interesting

    I just sent a HTML email with this in to a friend who runs Outlook 2000. As soon as he got it, it crashed Outlook. Funny thing is every time he starts Outlook up it crashes again so he can't rmeove it. Disables his email program with one crafted email!

  12. Re:Two points of significance for crashes. by Zaiff+Urgulbunger · · Score: 3, Interesting

    Re potential for Outlook crashing, I'm not going to try this but if an outlook user receives an email containing this HTML then as soon as they view the email, Outlook crashes right?

    But the email would still be in their Inbox... so the next time they start outlook... oh just rememebered, Outlook Express (not sure about the full Office Outlook version) will not display an email after a crash.

    Worrying though!

  13. Re:Inquirer says one line by craigeyb · · Score: 3, Interesting

    Not to be overly trollish here, but you could also squish poetry onto one long line or a big novel onto one really huge page, like something in Guinness's Book of World Records I suppose.

    The point is, we use line counts in computer languages, even though most computer languages can be spaced out in numerous ways, because it provides a good rough estimate of length and complexity. It's not always the best metric, but oftentimes it serves its purpose well. In this case, the typical slashdot reader can see that the exploit is only "five lines" and realize that it's not a overly complicated HTML parser exploit but instead something ridiculously simple.

    --

    Social Contract? I don't remember signing any Social Contract!