Date: Mon, 17 May 1999 07:33:33 -0700 (PDT) From: Roger Marquis <marquis@roble.com> To: security@FreeBSD.ORG Subject: HTML DOS? (http://microsoft.com/NTServer/all/Downloads.asp) Message-ID: <Pine.GSO.3.96.990517072214.22349A-100000@roble2.roble.com> In-Reply-To: <bulk.11722.19990513000534@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Has anyone attempted to browse: http://microsoft.com/NTServer/all/Downloads.asp using Netscape Navigator and noticed what seems to be an HTML denial of service? I've tested this page with Javascript on and off, Java on and off, cookies on and off, stylesheets off, under FreeBSD, Linux and Solaris and the behavior is consistent: * Navigator freezes for several seconds * CPU utilization climbs briefly to near 100% * memory usage climbs by 11MB * the 11MB or memory are not released even after leaving the page and clearing disk and RAM caches. The page <HEAD> shows two possible sources for this extremely unusual browser behavior: <HTML><HEAD> <META HTTP-EQUIV="PICS-Label" CONTENT='(PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0))'> <META NAME="MS.LOCALE" CONTENT="EN-US"> <LINK REL="stylesheet" TYPE="text/css" HREF="/NTServer/global/Netscape.css"> <SCRIPT SRC="/ntserver/inc/jscripts.js" LANGUAGE="javascript"> </SCRIPT></HEAD> Using lynx to downloaded the jscripts.js and Netscape.css scripts there is, as expected, a good deal of browser-specific code. Is there a csslint or javascript debugging utility which might identify this Unix-Netscape specific problem? -- Roger Marquis Roble Systems Consulting http://www.roble.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.3.96.990517072214.22349A-100000>