From nocarrier@DARKRIDGE.COM Thu Feb 26 01:24:00 1998
From: nocarrier 
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Date: Tue, 27 Jan 1998 11:06:49 -0500
Subject: BUG: Crash Netscape Communicator.

Well, I told Netscape a while ago, but it doesn't look like they did anything
about it. Anyway, I'm not a browser fanatic, so I don't know if there's any
security exploitability involved (in light of l0pht's recent discoveries and
advisories).

-----

 Problem:  Bug in HTML Parser of Netscape Communicator 4.x.
 Result:   Crash the browser.
 Tested:   Linux, Windows (95, NT4), Mac, Solaris (2.5).
 Affected: Linux, Windows, Solaris (2.5).


Description:

   The following code is all that is necessary to crash the browser. I would
 like to point out that intermixing different tags may render this bug
 benign, so the specific order is required. The ... and
 closing tags are not necessary.


---8<---

[snip...]

Here's some text. The following IMG tag can be valid or invalid, it didn't
matter in the tests I ran.

_IMG SRC=""_

Some more text. Following the IMG tag, you must have at least a TABLE and TD
tag. The existance of the TR tag is not necessary to cause the crash.

_TABLE_
_TR_
_TD_

[snip...]

---8<---


nocarrier@darkridge.com
Darkridge Security Solutions