Bring Down Internet Explorer In Six Words

Marcion writes "Some handy Japanese guy called Hamachiya discovered a bug in Internet Explorer. Under certain conditions, an asterisk when used as a wildcard can crash IE as soon as the user attempts to go to another page." The article claims the "five HTML tags and a CSS declaration" crash IE7 as well as IE6, but I couldn't get IE7 to fail. This page says that as of June, IE6 was at about 37% market share and IE7 under 20%.

Tear in my eye

[ceeam]

I didn't think I'll see the day when browser crashing on something would be a newsworthy item. We - the industry - have made improvements in the last years I guess.

Re:Tear in my eye

[somersault]

Either that, or /. is going downhill? That's the pessimist's view anyway ;)

Re:Tear in my eye

[farlukar]

I didn't think I'll see the day when browser crashing on something would be a newsworthy item.

WTF? Have you been reading a different slashdot to me?

Maybe the total amount of posted browser crash articles is now just enough to make it newsworthy...

Re:Tear in my eye

[Dogtanian]

Anyway, the article is more of note for the doctor who reference at the start. An amusing piece of nostalgia You're nostalgic for something that happened in the 2005 Christmas Special?

Nostalgia ain't what it used to be...

Re:Tear in my eye

[Divebus]

I might get knocked off slashdot for saying this but look at the OS statistics (next page). Between 2003 and now, the Mac market share started behind Linux, matched it in 2005 and has been steadily climbing away from it ever since. "Linux is about to take the desktop" never felt right. Maybe that will change with the Delbuntu machines - maybe not. Anyone have different stats?

Re:Tear in my eye

[Glyphstream]

*IE Crashes*

Re:Tear in my eye

[Miseph]

Mac was taking it on the chin prior to about 2003 (when was it that Steve came back again?), their machines were lackluster and their marketing was weak. The release of OSX and their renewed marketing drive has brought them back from obscurity.

This had nothing to do with FOSS, and everything to do with Apple reclaiming a large chunk of its niche who had moved to Windows (as a group, that is; many of the old school Mac users probably didn't migrate, but new users coming into the traditional Mac niches weren't flocking to Mac fast enough to maintain market share) in the absence of anything from Apple that could inspire them to pay the premium.

This was totally unrelated to Linux/FOSS.

Re:Tear in my eye

[greenbird]

he release of OSX and their renewed marketing drive has brought them back from obscurity.

This had nothing to do with FOSS

Ummm...Do you know where OSX came from? I kinda think FOSS might have had just a bit of an influence on OSX.

Re:Tear in my eye

[riceboy50]

when was it that Steve came back again? 1997.

Re:Tear in my eye

[JJMacey]

Seriously, haven't people moved to other browsers, where the hacks aren't done every day. Or, another OS by now? Adler Phoenix, Arizona

If you don't speak Japanese....

[Dogtanian]

...then here's a word perfect translation of that article (courtesy of Babelfish).

Erm... then again, maybe not.

(If you liked that translation, you might enjoy Babelfish's attempt at Slashdot.jp.)

Re:If you don't speak Japanese....

[arkhan_jg]

From slashdot.jp:

When the policeman of the tie, rule you violate, hello punishment of the kitty?

Heh. I can just imagine a 'tie-inspector' walking round making sure your business attire is up to standard, or else he unleashes an angry cat on you. Or maybe he tortures a cute kitten in front of you, not sure on that point.

Re:If you don't speak Japanese....

[Barny]

http://www.foxnews.com/story/0,2933,292245,00.html

Ask and ye shall receive :)

A bit anti-climactic really.

Re:If you don't speak Japanese....

[Gregory+Cox]

Obviously it should read:

When Thai police violate a rule, they get the Hello Kitty punishment.

See? Makes perfect sense.

Re:If you don't speak Japanese....

[hummassa]

Admittedly this is not a familiar punitive mechanism to those of us in much of the English speaking world, but we shouldn't be so quick to judge the customs and traditions of foreign cultures. Remember, this is coming from the same country that introduced us to high quality inexpensive digital watches, cars that would last for more than 60000 miles, Takeshi's Castle, and tentacle porn. Oh, I didn't know Thailand had brought the world all those great things.</sarcasm>

Re:If you don't speak Japanese....

[0100010001010011]

mod parent splendid discernment.

Thanks for that link. I needed a good laugh in the morning.

Re:If you don't speak Japanese....

[uhmmmm]

Here's a quick translation I just did:

Hello! Good afternoon!!!!!
I stumbled across a browser crash, so today I'll tell you about it!

Here it is!

<style>*{position:relative}</style><table><input>< /table>

    Sample (If you're using IE, your browser will close! You have been warned!)

It seems IE6 or programs using IE6 components will definitely crash!
I haven't checked IE7 though!

It seems to be when you have and input or select or such just below a table or tr or such,
and you use the css wildcard * to set everything to position:relative.

By the way, if the input has its style directly set to relative, it doesn't crash. What's up with that?
I don't really get it, but it sure is interesting...!

Anyone out there who loves Firefox or Opera should go spread this all over and decrease IE's market share!!!

Re:If you don't speak Japanese....

[hax0r_this]

Just to clarify:

It means when you throw away in road surface, and the like are late with illegal parking and work, to apply the rubbish "hello the armband where the character like the kitty" is written over several days.

Re:If you don't speak Japanese....

[TheoMurpse]

And here's my translation. It's a shame that the blog fails to capture the blogger's humor (my translation doesn't do the closing line justice).

OK! Welcome!!!!! Today, because I made an accidental browser discovery, I'll pass it on! It's this:

<style>*{position:relative}</style><table><input ></table>

Sample (If you're using IE, the browser will close! Be careful)
If it's IE6 or IE6 component browser, it definitely seems to crash! I haven't checked IE7 though!
if inside TABLE or TR there is an INPUT or SELECT, and in that neighborhood through the CSS Universal Selector, there is position:relative, you've got problems!
Incidentally, if you put relative directly in the style of an INPUT the browser will crash! What is this?!
I don't really understand it but it's interesting, isn't it...!
Children of Firefox and Opera will this think is like many roses fluttering down as IE's share plummets.

Re:If you don't speak Japanese....

[TheoMurpse]

Err, I meant that the translation fails to capture the humor.

Hmm..

[wumpus188]

It indeed crashes IE here... Windows 2K3, IE7

Re:Hmm..

[Alcoholic+Dali]

IE7 on Vista = no issues with the link provided.

Could be the fact it's been sandboxed on Vista though...

Re:Hmm..

[GIL_Dude]

IE 7 on Vista here did have the crash just as documented. Open a new tab and start typing a URL and it crashed it.

Re:Hmm..

[Junior+Samples]

It indeed crashes IE here... Windows 2K3, IE7 IE7 running on Win2K SP3? How is this possible?
IE7 is not supposed to be able to run on Windows 2000. Has this changed?

Re:Hmm..

[__aasyaa1156]

I'm using IE7 on Windows XP Professional.
It does crash on my machine, but only when opening the new tab.

Re:Hmm..

[Miltazar]

Crashes for me, Vista 32bit,IE7

Re:Hmm..

[plague3106]

Perhaps he means Windows 2003, or Windows Server 2003, on which IE7 does in fact run.

Re:Hmm..

[Junior+Samples]

Perhaps he means Windows 2003, or Windows Server 2003, on which IE7 does in fact run. Thanks for the clarification, now it makes sense.

Bring Down A Website In Six Words

[millwall]

Post
A
Crappy
Article
On
Slashdot

Re:Bring Down A Website In Six Words

Pacaos? That's an interesting acrostic. What does it mean?

Re:Bring Down A Website In Six Words

[Whiney+Mac+Fanboy]

Pacaos? That's an interesting acrostic. What does it mean?

PacaOS is the operating system for Pacas - its a fork of rodentOS. HTH.

Re:Bring Down A Website In Six Words

[Zaph0dB]

yep, still ./ed

Re:Bring Down A Website In Six Words

[Odiumjunkie]

I discovered a weird IE bug... there are six words that, when included on a webpage, stop IE ever being used on that computer again:

get
firefox
from
mozilla
dot
com

Re:Bring Down A Website In Six Words

[frup]

Dotslashed? Configured? !Hidden? :(

Re:Bring Down A Website In Six Words

[Professor_UNIX]

Anyone else have Weird Al in their head singing "This exploit's just six words long..."?

Re:Bring Down A Website In Six Words

[Marcion]

Classic, how cool is that! No smoke yet! Anyhow, here is the mirror if you can't get through right now:

http://www.networkmirror.com/tQxFeWtOc31fVZfD/comm andline.org.uk/2007/how-to-bring-down-internet-exp lorer-with-six-words/index.html

Re:Bring Down A Website In Six Words

[Wite_Noiz]

Okay, that's enough coffee for you

Re:Bring Down A Website In Six Words

[nschubach]

same directoried... I think.

Re:Bring Down A Website In Six Words

[uncamarty]

No, no, no, NOOOO!!!!

Get it out of my head!!! Help!!!

Re:Bring Down A Website In Six Words

[NinjaTariq]

Umm... This crashed my Firefox too... may have just been a one off though.

Re:Bring Down A Website In Six Words

[NinjaTariq]

Yes it was, tried it again and firefox didn't freeze.

I agree download firefox.

Re:Bring Down A Website In Six Words

[ProfFalcon]

Bananaphone. There. Weird Al should be gone.

Re:Bring Down A Website In Six Words

[RulerOf]

Admittedly, I tried that and it didn't work.

Re:Bring Down A Website In Six Words

[john_lewmanny]

Any xml file (like this: ), if referencing a loopy xsl file (no further instructions, but I assure you it's small and simple) automatically crashes Firefox.

Re:Bring Down A Website In Six Words

[BeerCur]

Need
A
Mirror
Of
The
Article

PACAOS leads to NAMOTA.

Re:Bring Down A Website In Six Words

[xjlm]

No doubt. I just reformatted my Windoze box ( I mainly use Debian on an older computer i put together in my younger days) and found the only good use for IE once again: connecting to mozilla.org (now known as mozilla.com) to download the latest Firefox. Of course, I only turn the Windoze box on every week or so to update the anti-virus stuff and any patches Micro$oft may have deemed me worthy of receiving.

Re:Bring Down A Website In Six Words

[Marcion]

Server should be fine now, the first hour was a bit slow but the server was never really slashdotted in the proper sense.

Re:Bring Down A Website In Six Words

[RealGrouchy]

Chances are, when you buy a new computer, by the time you got it it already has an outdated version of IE.

That's why it's important to upgrade IE at http://www.ie7.com/

- RG>

Re:Bring Down A Website In Six Words

[halcyon1234]

This bug's just six words long

/.ed ?

[phalse+phace]

And we bring down a site from a link in the OP.

Is it crashed or not?

[Dogtanian]

It indeed crashes IE here... Windows 2K3, IE7 I'm using IE7 bog-standard Windows XP with SP2, and it "crashed" in the manner described for me too. Remember that (as the article states) you have to open a new tab.

It takes a few seconds to crash after the new tab is opened; that's enough time to type in an auto-completed URL and have it start loading. Strange thing about this is that even though Windows shows the standard "crashed" dialog box for IE, beneath that I can still see (e.g.) Slashdot continue to load in the background until I dismiss the dialog.

Re:Is it crashed or not?

[Bacon+Bits]

It's not a crash, per se. It's a forced closure due to an illegal operation of one component of the browser with code in mshtml.dll.

An exception was thrown that was not properly caught. The error is caused by improper error trapping. Otherwise, the browser would just render things improperly or claim there was an error on the page because it doesn't properly parse and render the style tag.

Re:Is it crashed or not?

[GeckoX]

Pre-tell then, what is a crash?

If it wasn't a crash, it would have instead presented some sort of alert and told the user something, before allowing the user to continue on doing what they were doing. It does none of this...rather...it crashes. Quite unspectacularly, but crash it does.

Sorry, but this isn't exactly schrodinger material, the crash can't simply be waved away by stating 'there is no crash'.

Unless of course, there's a cat in the server box that is serving up this article perchance? ;)

Re:Is it crashed or not?

[GooberToo]

Pre-tell then, what is a crash?

When an exception is thrown and is not properly caught. The error is caused by improper error trapping. This is a classic "crash." ;)

Re:Is it crashed or not?

[Temujin_12]

It's not a crash, per se. It's a forced closure due to an illegal operation of one component of the browser with code in mshtml.dll. An exception was thrown that was not properly caught.

I didn't rear end the person in front of me, per se. I just simply wasn't paying enough attention and failed to break.

Re:Is it crashed or not?

[Bacon+Bits]

I guess I typically consider something a "crash" when the a system or program is wholly unresponsive to the system and requires that the process be manually killed. I equate "crash" to freezing up.

An unhandled exception like this is... an unhandled exception. Maybe I'm too close to it now, though, and just don't refer to specific know types of crashes with the general phrase. You're right, though, I think many people do qualify it as a crash.

Re:Is it crashed or not?

[mopower70]

Pre-tell then, what is a crash? If I could pre-tell what caused a crash, I'd avoid doing it in the first place. But I don't think the precogs come online until 2053 or something like that.

Re:Is it crashed or not?

[ichimunki]

You are confusing "hang" with "crash".

Re:Is it crashed or not?

[Bacon+Bits]

Not at all. I know exactly what I mean, and so do my co-workers (having just polled them). My usage conforms completely to the usage in my office.

Re:Is it crashed or not?

[2short]

Then your office is wrong relative to the rest of the world, where:

Crash = Program unexpectedly terminates.
Hang = Program becomes unresponsive (unexpectedly).

I have known less technical persons to use "crash" in both cases.

Re:Is it crashed or not?

[Cigarra]

My usage conforms completely to the usage in my office.

Bill?!? is that you??

Re:Is it crashed or not?

[ashitaka]

What does your office do? Hopefully nothing to do with computer development.

What you just described is an application or process hanging. The app cannot respond to any user inputs or messages from the OS and the app or even the entire system in the worst case becomes unresponsive.

When an app or process crashes it is no longer running and under a better-designed OS will have its memory cleaned up in garbage collection.

(Developing since 1979)

I Install ViSta!

I is AC. I install MS VISta. It got IE. It good for look at porn. Problem PORN got Not god virus On it and IE not work. Jhow can you help me? I here this thing called linox solve? How virus not get hit? HATIGN@! computer STD. Me loves MSN +.

Re:I Install ViSta!

[frup]

Let me hear us all say WTF!

I know it's real subtle...

[Etherwalk]

> as of June, IE6 was at about 37% market share

Re:I know it's real subtle...

[mtmra70]

I don't see the problem. IE6 and XP work just fine, no need to upgraded.

Yea, yea, dont give me the FF crap.

Re:I know it's real subtle...

[nschubach]

We can't give it to you, you have to choose it. (Unless your workplace mandates)

Re:I know it's real subtle...

[mtmra70]

I meant dont give me crap about not using FF....not "dont give me FF".

Bring down my system in 13 chars.

[BlackPignouf]

:(){ :|:& };:

Re:Bring down my system in 13 chars.

[Bob54321]

Can anyone explain to me what this actually does. It has been my sig for ages to remind me to actually find out but I have never managed to find the time...

Re:Bring down my system in 13 chars.

Not entirely sure but it looks like a declaration of a recursive function with no base case. The function, named ':', is then called immediately after its declaration.

Re:Bring down my system in 13 chars.

[radu.stanca]

From here

It creates a function called ":" that accepts no arguments-- that's
the ":(){ ... }" part of the utterance.

The code in the function calls the recursively calls the function
and pipes the output to another invocation of the function-- that's
the ":|:" part. The "&" puts the call into the background-- that way
the child process don't die if the parent exits or is killed. Note
that by invoking the function twice, you get exponential growth in
the number of processes (nasty!).

The trailing ";" after the curly brace finishes the function definition
and the last ":" is the first invocation of the function that sets off
the bomb.

Most unpleasant...

Just replace ":" with some word, it will be easier to understand:

kill(){kill|kill&};kill

kill()
{
kill | kill &
};
kill

Re:Bring down my system in 13 chars.

[HeroreV]

What kind of horrible torture language would allow ":" as an identifier?! This must be Perl. *shudder*

Re:Bring down my system in 13 chars.

[radu.stanca]

Do you have a windows port, or do I have to install cygwin on my victims' computers first?

Put this in a batch file and run it:

:s
start %0
goto s

Wikipedia :)

Re:Bring down my system in 13 chars.

[bob.appleyard]

The Bourne Shell, actually.

Re:Bring down my system in 13 chars.

[Mister+Whirly]

Sounds more like a Bourne Conspiracy to me...

Re:Bring down my system in 13 chars.

[GregNorc]

[Insert Born Ultimatum reference of your choice here]

What's the chars?

[August+Lilleaas]

Anyone feels like explaining what characters this is all about? Page in article is, liek, down.

Re:What's the chars?

[Pinkfud]

For what it's worth, this is the link to the demo page. If you look at it in Firefox, you can just view source. I didn't try IE on it, so I really don't know whether it works or not.

No. You're kidding. Can't be.

[Opportunist]

You can crash IE? Really? With a webpage? Who would have thought?

Seriously, here's a phone. Call someone who cares. Or at least isn't surprised. Or at least thinks it's newsworthy.

I don't care if I have to wave karma goodbye now, but sensibly, is there an event running today that tries to see how many really uninteresting, uninspired and utterly pointless "news" can make it to the front page on a single day? Yes, it's possible to crash IE. Hey, breaking news, you can even crash it in a way that allows you to execute arbitrary code. Wow. Teh horrorz.

This ain't news. It may be a new hole detected, but could we at least get less lurid subject lines that sound like it's the end of the world? How about "new bug in IE detected"? It would have been at least as accurate and more objective. You might get the same "duh, no kidding" replies, but at least people wouldn't make fun of you for making something trivial as an IE bug sound like it's the end of the internet.

Re:No. You're kidding. Can't be.

[unixfan]

Yes, this is now sounding like the typical clueless US news media where you HAVE to make everything sound as bad as possible to out-do the other fools. Meanwhile those not in that horrid occupation are inundated with useless, bad news. Painted in the worst impossibly bad way.

A dog running into the street and getting hit will be something like Senior Citizens Slaying Dogs Not On Leash! Next will be Internet Discontinued, New Version In Place!

(Don't know how in the world your post could become flamebait, you got to be blind not to see the obvious truth in it!) Though we are of course as off topic as the headline.

Re:No. You're kidding. Can't be.

[apt142]

I think what they considered newsworthy about it is the fact that it can be done in 6 words. Not that the bug exists, but rather how simple it is to crash it. They should have put the foot up there for humor if they wanted to get that across IMHO.

That being said, crashing IE is only slightly more difficult that tying my shoes.

Re:No. You're kidding. Can't be.

[bl8n8r]

> Seriously, here's a phone. Call someone who cares. Or at least isn't surprised. Or at least thinks it's newsworthy.

Attitudes like this are why computer security is in such a dismal state. Crashing an application from a remote system means that application is not filtering it's input correctly and is subject to a remote compromise. Just because IE goes bu-bye and starts right up again doesn't mean everything is peaches. By the time you've restarted the app or rebooted windows, you may have already been compromised with the software of choice by the remote. This cold be a backdoor, keylogger, trojan whatever - and you won't even know it other than "my computer is slow". People need to wise-up because malware is getting sneakier and more cost effective for the people that write it.

Articles like this are news worthy because it brings light to the fact that something is amiss and needs fixing. Unfortunately, other than negative PR, there's little incentive for proprietary software to fix these things. That's one of the reasons IE has been, and still is, such a security nightmare. Firefox is only about 2/3 better (3 pages vs. 8 pages) judging by number of CVEs*. Still, security is about lessening risk. It's foolish to use IE these days with much better options available.

[*] - https://www.kb.cert.org/vuls/html/search

Re:No. You're kidding. Can't be.

[Opportunist]

Yes, browser holes are an issue. Especially with malware packages like MPack around. But does it have to sound like something taken out of Fox' news feed? Can we get news again, instead of the hype we got recently?

Also, telling someone here about security issues with IE is preaching the choir. We know that. I doubt anyone here doesn't know that there are still security holes in IE. And, for the record, also in FF (just so nobody thinks I'm out to do some MS bashing). Unlike FF, we can't do jack about security holes in IE. Can you avoid it? No. Can you fix it? No. Like an ex-boss of mine said, if you don't have a solution or at least an idea that the problem is fixable, it's pointless to announce it. There's nothing we can do to avoid being infected (provided we use IE) or to fix the bug. We can switch away from IE, that's true, but first of all that's not an option for everyone (corporate standards force people to use certain software), and second, most people that know about the security issues of IE already switched to FF. Some switch away from FF now again because of the same reason (although, technically you could fix the problem in FF).

So what's left of the announcement? There's yet another security hole in IE, there's yet another security hole in Windows that you cannot fix or avoid. There's yet another reason to switch to another Browser, or OS altogether.

But if the reasons so far didn't convince you, this one won't either.

Re:No. You're kidding. Can't be.

[GeckoX]

You guys are arguing a valid point, but in the completely wrong place. There is absolutely nothing wrong about this headline. It's (for a change) actually very specific to the topic at hand, and does not blow anything out of proportion...It's a very literal description of the article.

Read it again:

"Bring Down Internet Explorer In Six Words"

Note that it does NOT say:

"OMG!!! Dooomsday!!! Internet falls apart at invocation of 6 words!!! News at 6!!!"

Note that it also doesn't say:

"Bug found in IE"

Rather, it perfectly summarizes the article.

Here's a hint for all of you with your panties in a bundle: Headlines exist for a reason...obviously neither of you think this article has any merit based on it's headline. And yet, here you are! Next time, just skip the articles you don't like mmkay? That is what headlines are for after all, to give you an idea of whether a particular article is worth your time or not.

PS: As someone else mentioned, the point of the article is NOT that there is 'yet another bug in IE'. It's the pure simplicity of it. Plain ole HTML and CSS. No javascript, no XSS, no fancy stuff at all.

Re:No. You're kidding. Can't be.

[Opportunist]

Depends on 2 parameters: First of all, a company having a proxy that is able to do content based filtering (you'd be surprised...), and second, an administrator able to configure it in such a way (you'd be even more surprised...).

In either way it's not a fix. When I say (or write) "fix" I mean something that removes the problem, if not entirely then at least to a sufficiently large percentage that the rest can be chalked off as "necessary risk". This just is not the case. Page obfuscation is a real problem. Another one is that you can send pages in chunks that, taken apart, make no sense and are not harmful, but after the browser assembles them it becomes the exploit. Nothing a "normal" proxy can handle or fix.

A fix for this problem has to come in the form of a browser update. There's little else that can efficiently eliminate the threat.

Re:No. You're kidding. Can't be.

[fishbowl]

>You can crash IE? Really? With a webpage? Who would have thought?

No telling. I didn't even realize people still used IE.

Re:No. You're kidding. Can't be.

[MobileTatsu-NJG]

"I think what they considered newsworthy about it is the fact that it can be done in 6 words."

I think they considered it newsworthy because 'bringing it down in six words' is a Doctor Who reference. :P

Re:No. You're kidding. Can't be.

[InsaneGeek]

> When was the last time you saw Firefox or Safari or Konquror able to be crashed with a malformed web page?

Umm... 9 days ago?

http://secunia.com/advisories/26201/

The vulnerability is caused due to an input validation error within the handling of system default URIs with registered URI handlers (e.g. "mailto", "news", "nntp", "snews", "telnet"). This can be exploited to execute arbitrary commands when a user e.g. using Firefox visits a malicious website with a specially crafted "mailto" URI containing a "%" character and ends in a certain extension (e.g. ".bat", ".cmd")

This command would make firefox go "away"
mailto:test%25../../../../windows/system32/tskill. exe firefox.cmd

Re:No. You're kidding. Can't be.

[fatphil]

But it's not even that short. before killed IE a few years back, and was much shorter.

Re:No. You're kidding. Can't be.

[Actually,+I+do+RTFA]

You can crash IE? Really? With a webpage? Who would have thought?

I have yet to use a browser that cannot be crashed with a webpage (except for Opera *eyes glitter*). And the list includes IE, FireFox, and Safari on Max.

Re:No. You're kidding. Can't be.

[jesser]

Crashing an application from a remote system means that application is not filtering [its] input correctly

Wrong. This crash has more to do with layout data structures than "filtering input".

and is subject to a remote compromise.

Only some types of crash bugs are exploitable. If this happened on Mac, we'd probably already know whether this crash was exploitable.

Firefox is only about 2/3 better (3 pages vs. 8 pages) judging by number of CVEs*.

Your link is broken (I get a cert error), so I can't tell you what's misleading about this particular vulnerability-counting scheme.

Re:No. You're kidding. Can't be.

[a.d.trick]

Look at the page, the exploit is in MSIE. Firefox is simply does what IE says it should.

Re:No. You're kidding. Can't be.

[InsaneGeek]

Umm... look at the bottom link in that page, Firefox doesn't quote URI's either, so it is affected by the *exact* issue. Firefox will act the exact same way as IE does and directly pass the URI.

I would say though that a browser should *never* trust input, whether that input is from a webpage or being executed via a command line. So not only does Firefox not quote out URI parameters, it doesn't verify input either, so it gets a double whammy on this one.

http://msinfluentials.com/blogs/jesper/archive/200 7/07/20/hey-mozilla-quotes-are-not-legal-in-a-url. aspx

Re:No. You're kidding. Can't be.

[LingNoi]

I would say though that a browser should *never* trust input, whether that input is from a webpage or being executed via a command line.

I would say that it is a the operating system's job to sanitise the data that coming in over a command line and make ALL programs more secure.

You argument is lame in that you are saying that programs can't trust the data the operating system is handing them.

You are forcing application vendors to build in security for each and every program they write when Microsoft could write it once and every program would be secure.

Re:No. You're kidding. Can't be.

[InsaneGeek]

You really aren't this idiotic are you??? You expect the operating system to know how to filter the correct input to be given to all programs? That's completely stupid and would only work if all the applications came from the same vendor.

In your scenario the operating system should know that when I create a brand new program that "-h ../../../etc/passwd" is a valid CLI argument for my program, but that the same one passed to some other app is bad. Do you have a single ounce of understanding of what you are saying or are just spouting BS?

Re:No. You're kidding. Can't be.

[LingNoi]

If you created a brand new program which was incompatible with new security measures you'd fix the program.

Re:No. You're kidding. Can't be.

[Kadin2048]

I have yet to use a browser that cannot be crashed with a webpage (except for Opera *eyes glitter*). And the list includes IE, FireFox, and Safari on Max.

How about Lynx?

Admittedly, it did have a remote code execution bug back in 2005, but I can't find anything more recent.

Re:No. You're kidding. Can't be.

[InsaneGeek]

You are grasping at straws, I tried to be forceful enough last time for you to realize that shear stupidity of what you are saying, obviously you are a moron amongst morons and will have to be a bit more blunt.

1) You don't know what you are talking about
2) You don't know what you are talking about
3) You don't know what you are talking about (is it finally sinking in?)
4) You are a complete moron for even thinking that, let alone suggesting it
5) The internet got a bit stupider soley because of you

An operating system's job is not to check for syntax input to programs, that's what the program is supposed to do, since the operating system has no knowledge of what the program is going to actually do. The arguments I give to a "rm" or "df" commands are not valid ones I'd give to fsck_ext3, and no person with half an understanding of how computers work would ever expect the operating system to have to keep a table of that information.

Re:No. You're kidding. Can't be.

[Actually,+I+do+RTFA]

I've never tried Lynx. I suppose if you're suggesting it you think its worth a look?

html source is:

* {position:relative}
</style><table><input></table>

Re:html source is:

[derrida]

And here is a link to test it.

Re:html source is:

[nschubach]

And VS2005 puts the problem somewhere around here...

mshtml.dll! 7dcaac6e() mov eax,dword ptr [ecx+4]

7DCAAC6C nop
7DCAAC6D nop
7DCAAC6E mov eax,dword ptr [ecx+4]
7DCAAC71 test al,1
7DCAAC73 jne 7DCB3229
7DCAAC79 and eax,2
7DCAAC7C ret
7DCAAC7D nop

Not that I have any clue what that means since I never learned assembly :p

Re:html source is:

[nschubach]

Those are the ones I left in. There were 5 before and 5 after that block I pasted. I'm assuming those are wasted cycles? Like the FTP NOOP command?

Re:html source is:

[springbox]

The compiler usually puts "No operation" (nop) instructions in for alignment or something

Re:How is this fucking useful ??

[somersault]

When your shit has more than 200HP then it's probably useful to know the temperature

Dr.Who

[gpmidi]

Dr.Who: I can bring down your administration in one word. Prime Minister: One word. Even you aren't capable of that. Dr.Who: Okay, six words. Dr.Who (wispers to aid): Don't you think she looks tired?

Re:Dr.Who

[Burb]

To start a rumour. A rumour that would cause a backlash against the PM. At the time that was first written aired, Tony Blair was looking tired, too.

Evil Plans Thwarted

[PinkyDead]

DAMN YOU SLASHDOT!

Why go to all that trouble?

[annamadrigal]

Alt-F4 gets rid of it much more quickly, and doesn't rely on a Japanese website not having been /.ed.

Stunned into near silence

[weinrich]

The shock of this story has left me nearly speechless. A bug that causes a browser to crash? A story so lame this early in the morning? How can these things be?

Re:Stunned into near silence

[aadvancedGIR]

The particular thing about this crash is that it only use a few (perfectly innocent looking) basic HTML tags.

No big deal.

[140Mandak262Jamuna]

First please realize I am no MSFT fanboi, I have been extremely critical of that company in my previous postings.

MSFT should try to fix the bug that is crashing IE, because crashes in IE have a tendency to become a remote execution bug later. But still, no point in bashing MSFT on this issue. Browsers crashing on malformed input is well known. Firefox, my fav and only browser, too crashes often on malformed input. There is this thing called fuzzing, sending deliberately malformed input to the browser and see what happens. Firefox used to crash more often than IE under fuzzing. Now they provide fuzzing tools for their testers to strengthen mozilla products.

I think they used that in...

[dagurp]

Independence Day

Re:I think they used that in...

[Source+Quench]

I didn't see a laughing skull when it crashed though :(

Common to Trident?

[Stefanwulf]

TFA's servers aren't responding at the moment, so this might be included, but has anyone tried this with non-IE programs which use the Trident layout engine?

If it's Trident that's bringing down IE, then you're looking at HTML code that could also bring down Windows Media Player, several versions of Outlook and Outlook Express, MSN Messenger, Steam (from Valve), and other applications which use it to render web pages. I think at least some versions of Winamp used trident as well, but I'm not sure about that.

Re:Common to Trident?

[slimjim8094]

It's a bug in mshtml.dll (see a previous poster). It should bring down any program which uses that DLL to render pages. That should include Steam and everything else you mentioned.

Re:Common to Trident?

[TheoMurpse]

The original Japanese says it is confirmed as working on something called the IE Component Browser. Is this the Trident engine? I take "IE component browser" to be the thing you can wrap in your own skin/"browser" and brand it the "TheoMurpse Browser!!!(TM)"

Re:How is this fucking useful ??

[Dragonslicer]

200 HP? Is your shit a 20th level Barbarian or something?

Another site

[Savage-Rabbit]

I tend to use http://www.w3counter.com/globalstats.php more than the w3schools stats, they're usually more accurate since w3schools has a very specific audience. These guys have some interesting statistics:
http://marketshare.hitslink.com/default.aspx

I won't speculate on the accuracy of these sites but it's interesting to compare the w3 statistics with the hitslink.com statistics. Linux for example gets twice the share on the w3 counter as on the hitslink.com site. Vista gets fewer hits on the w3 counter than on the hitslink.com site, it's currently standing at 5,4%, I thought it would be in more widespread use by now. The older Macs are completely missing from the w3 counter although I know for a fact that loads of people are still using them.

IE Usage @ w3schools?

[asylumx]

as of June, IE6 was at about 37% market share and IE7 under 20%

Yeah, but don't you think w3schools would be a bit biased? W3schools is a site full of tutorials and information for developers. Developers tend to prefer FireFox due to its robust plugin system and some of the excellent plugins for that system (Firebug, Web Tools, etc.) so I'm not surprised that FireFox has a higher rate of use on such a site. In fact, I am surprised that it's not higher!

Re:IE Usage @ w3schools?

[kebes]

Yeah the w3schools stat of 34% firefox is higher than the global average. The Wikipedia page on browser share summarizes statistics from a wide variety of sources (and includes links, of course). As can be seen, the values vary depending the location and types of sites used in the stats. According to some reports, Firefox is nearing 28% usage across Europe. The global stats for generic sites seem to agree that Firefox usage is 12%-15%, versus Internet Explorer (all versions) being 75%-84%.

Still, this is a huge shift from the 96% share IE had a few years back. The fact that some sites get 30% Firefox usage (actually I run a small site that gets 46% Firefox) means that web developers can no longer ignore coding to standards. This is a good thing.

Re:Uh huh

[MetalPhalanx]

One hack to rule them all...

Funny, but not "Engrish"

[Dogtanian]

I'm for replacing the current Slashdot moderation options with hilarious Engrish ones: Oh yeah, "It is strange funny".... that was one I loved. (I've been "reading" Slashdot Japan through Babelfish for quite a while now- that's where my sig comes from).

However, it's misleading to call these "Engrish", as that normally refers to the use of bad English (or even pseudo-English) by the Japanese.

By contrast, this is a quaint auto-translation of correctly-written Japanese. Okay, so the "cute" tone is probably down to the differences between Japanese language and culture as well... but it's still not Engrish per se.

Re:Internet Explorer Haters

[tgatliff]

To be perfectly fair, Safari also crashes from time to time, but I do not know the specific causes as with this error... The thing that annoys me the most about Safari, though, is that is drinks memory like a sailor drinks beer...

The difference is, though, that you can take my MacBook Pro away from me when you pry it from my dead cold fingers... Expensive or not.. Other than some minor quirks, I am so much more efficient during the day on my MacBook Pro than I ever way on Windows... :-)

*Six* words? Amateurs.

[cbrichar]

Six words? Please.

As any pimply-faced 14 year old surfing the web alone in his bedroom could've told you, all it takes is your Mom unexpectedly calling your name from right outside your door to cause IE to be shut down immediately.

Re:Uh huh

[nschubach]

...one hack to find them, one hack to show them all, and in the code lines fry them?

Re:Browser Metrics

[I'm+Don+Giovanni]

"I tend to use http://www.w3counter.com/globalstats.php more than the w3schools stats, they're usually more accurate since w3schools has a very specific audience."

It may be more accurate, but still not very, considering that it says that Latvia makes up 4% of web usage. ;)

So? One can easily crash Firefox too...

[bradbury]

If the point of this item is to point out bugs in IE it isn't alone. I crashed a large Epiphany session with a segmentation violation a couple of days ago and its relatively easy to crash Firefox if you limit the amount of memory available using ulimit (Firefox doesn't catch "early" C++ memory allocation failures and handle them gracefully). Firefox also has the infamous "window unexpectedly destroyed" bug (#263160) for ~3 years (which will crash the browser if you attempt to close the untitled window).

I suspect all of the Mozilla based browsers will effectively die if one throws enough "heavyweight" pages at them (i.e. those which are activity heavy [because there isn't a Javascript/Active HTML/Animated GIF scheduler]) or run out of swap space (again because memory allocation failures are not handled gracefully).

IMO, developers place too much emphasis on feature enhancements rather than making the existing browsers run reliably (bugs shouldn't linger for 3 years), with a minimal machine footprint (Netscape 4.7x required significantly less memory than Firefox) and effective priority scheduling of the "top" window (user responsiveness).

Why IE?

[Deathless+Durin]

Six words to bring down IE: Use FireFox to browse the web

Old news

[sqlrob]

A badly formed INPUT tag has been known to take down IE since at least 2003.

Bigger news is why is it still there?

Also crashes Outlook...

[eglass1]

If you include it in the body of an HTML mail message.

Re:Also crashes Outlook...

[east+coast]

But which version of Outlook? Outlook 2007 no longer uses IE as it's HTML viewer but rather uses the Word 2007 HTML viewer.

Safari can beat that

[teh+kurisu]

Big deal. I can crash Safari 2.0.4 in two clicks. Enable Slashdot's new discussion system and click on a 'Reply to This' link. Press the Back button. Crash.

Re:Safari can beat that

[DanJ_UK]

Just opening Safari on windows crashes the browser for me.

Re:Uh huh

[Liberaltarian]

Or we could militarize it, and only show the words to our national enemies!

Wait... where have I heard of that idea before...?

Doesn't crash in Mac OS

[objekt]

Yup, doesn't crash IE 5.2.3 for Mac OS X.

Writing Contest!

[Smokybfgs]

Here I was all excited because I thought it was a writing contest to insult IE in 6 words. My mind was all ramped up for creativity. Now I have the mental equivalent of blue balls ...

Mixed results with ies4linux

[jonathan3003]

On Ubuntu, with ies4linux, it crashes ie6 but not ie7.

And this crashes Ff 2.0.0.5

[Gnu+Zealand]

http://24.29.222.112/ Why? Has something bad happened to my 'puter as a result?

Six more words to bring down the Internet

[pandrijeczko]

"There is no more pr0n here."

Re:Who cares?

[Kenshin]

Oh, we have one holdout in our office. Everyone else is switched over to IE7, and I use Firefox, but this guy is unbelievably stubborn and refuses to allow me to upgrade it for him despite all explanations of why it's a good idea.

He's one of the company owners, and gets all pissy if I even install a security update on his machine. But if he wants to risk losing his QuickBooks when his computer eventually gets 0wned through IE6, well, that's his problem then.

One Javascript command

[Arancaytar]

Last I checked, a single Javascript command was enough to crash IE, and I think it works in IE7 as well as IE6:

    for (x in document.write) { document.write(x);}

Was a great prank (ie, a sig link saying "IE USERS DON'T CLICK HERE"). Heh.

infinite loop, causing a memory error or buffer ov

[XHIIHIIHX]

infinite loop, causing a memory error or buffer overrun or one of these other horrible things that languages without inbuilt memory management are susceptible to. WTF? You never seen java in an infinite loop sucking up all a machines resources? Who cares if it's a buffer overwrite or an Unhandled Exception?

Re:Uh huh

[utopianfiat]

it's not necessary. I've already got a fix up.

hee hee hee

Re:Browser Metrics

[VJ42]

It may be more accurate, but still not very, considering that it says that Latvia makes up 4% of web usage. You'd be surprised, there was a piece on the radio (BBC Radio 4) the other day about the high %age of internet connectivity in the Baltic states.

Truth hurts, So Mod Me A Troll

[smitth1276]

It's easier than introspection, huh? Dipshits.

let me count for you

[someone1234]

1. *
2. {
3. position
4. :
5. relative
6. }

actually, these are the 6 words

[someone1234]

1. <style>
2. *{position:relative}
3. </style>
4. <table>
5. <input />
6. </table>

Those 6 words...

[bilgebag]

"Doesn't it look tired these days?"

Re:So? One can easily crash Firefox too...

[Seismologist]

For those of you researching bug #263160, click on the link provided.

The Barry Bonds Bug

[cloudscout]

That asterisk is trouble for everyone now.

Re:Uh huh

[Nosferatu+Alucard]

Coooool, it worked. Now, just post this on every website with a note that says "This website is best viewed with Firefox" and tah dah, the fall of IE! :P

Re:How is this fucking useful ??

[LBt1st]

Funny, I read it as "Horsepower".

I think I can explain this

[porneL]

• position:relative triggers hasLayout mode for given element, which appears to be a complete, different rendering (sub)engine in IE.
• In CSS spec table elements are exception from all HTML/CSS layouting rules and IE they're even more of an exceptional-exception judging by the fact that display:table is not supported and display on table elements can only change visibility, not layout.
• and on top of that <input> has been source of embarassment for IE already. <input type> alone used to instantly kill IE.

This is what happens when you implement stuff by adding hack on top of a hack (CSS on top of "magic" HTML elements) instead of refactoring old crap and using proper approach (all display handled by CSS only).

The Six Words

[aduzik]

The six words are, "don't you think she looks tired?"

Is it...

[ShagratTheTitleless]

The Power of Christ Compels You?

Re:So? One can easily crash Firefox too...

[Warbothong]

Just curious, are there any figures which compare security issues for KHTML, Webkit, Gecko, Opera, etc.? I am guessing that bug trackers alone would be incredibly skewed towards the most-used engines, and statistical methods tend to own me.

No good statistics to my knowledge

[bradbury]

Well, security holes and crashes are somewhat orthogonal to each other. In systems where instruction space is separate from and protected from data space and the kernel space is separate from the user space it isn't clear how bad security can get in practice. Browsers I suspect are more vulnerable if one has plugins that can gain access to the user data space (form entry strings, user files, etc.). Installation of any binary packages is problematic (the greatest risk in an open source world would be compromised mirrors IMO).

There is a lot of attention on (and tracking of) potential security holes (buffer overflows, etc.) and differences between such holes in IE vs. Firefox, rates of security patches in various closed source systems vs. open source systems (and then distribution through open source distributors) -- but from someone on the outside, such as myself, there seems to be a lot of handwaving and very little detail on how real problems are put into web sites or emails and infect "real" protected user systems (which Unix/Linux/BSD systems have always tended to be) and which Windows (e.g. Vista) is slowly becoming. I suspect the real security experts know how one might make such attempts (root kits, etc.) but no "real world" "real risk" statistics seem to be available even for people who are regular /. readers.

Re:Bring Down Internet Explorer In Six Words

[The_mad_linguist]

He's a heavy tipper.

Re:Uh huh

[ironarmor]

Just using adblock software like Admuncher(http://www.admuncher.com/) IE7Pro(http://www.ie7pro.com)
and add this rule:

<style>* {position:relative} </style><table><input></table>

then it must be ok

Re:How is this fucking useful ??

[somersault]

Which is as it was intended (obviously)

IE is not 37%

[jproffer]

It should be noted, that the page lists both IE7 and IE6 percentages. IE's total market with a combined IE6/7 is 57%.

Wow, good to see this dug up again

[OffBeatMammal]

it's been a while since anyone mentioned the malformed tag as a problem
http://www.securityfocus.com/archive/1/319360/2003 -04-20/2003-04-26/0

Would all the anti IE folks please put this on their site immediately so I don't have to spend time on them ;)

Re:So? One can easily crash Firefox too...

[ReinoutS]

I crashed a large Epiphany session with a segmentation violation a couple of days ago

Did you file a bug report with bug-buddy and if so, what's the bug number?

Many crashes are due to misbehaving plugins. Due to Mozilla plugin architecture, there's nothing we can do about this. (However, an experimental WebKit back-end was recently added to Epiphany.)

Re:So? One can easily crash Firefox too...

[bradbury]

I don't remember. It may have filed it and I may have received a note that it didn't contain enough information. Bug reports without full symbol traceback information are pretty useless most of the time. I'm in the process of rebuilding all of the latest libraries with debugging but thats always a multi-day process unfortunately (and not one that I would guess the average user would undertake). If one gets a SEGV after running the browser a couple of days in the middle of a complex session its probably a memory corruption problem -- and likely only able to be debugged by a few core developers who understand everything thats in the heap. I don't use a lot of Epiphany plugins and generally ditched most of my Firefox plugins because they contributed to heap fragmentation/memory loss (even the Flash player from Adobe since that tended to fault). I'll be leaning towards the first browser that gets a robust bookmark system as neither Epiphany nor Firefox (2.0 *or* 3.0a7pre) are anything I'd consider to be worthy of the label "production".

Re:So? One can easily crash Firefox too...

[ReinoutS]

I'll be leaning towards the first browser that gets a robust bookmark system

Out of curiosity, what would it take for you to consider a bookmark system "robust"?