All it takes to crash Windows and display a blue screen is a simple row of HTML code on a webpage, the crash resulting in a reboot and possible loss of unsaved data.

The crash is caused by defining a huge picture in HTML document which makes the browser, be it Firefox 1.04, IE, Mozilla 1.7.8 or Netscape 8, demand a large amount of memory from Windows which then crashes. The picture itself doesn’t need to big at all.

This vulnerability has been confirmed by the German news agency Heise online. Heise online has tried this bug with Windows XP Service Pack 2 and it will crash with all major browser except Opera 8 which seems to be immune as well as the upcoming Firefox 1.1. Heise online has tested the alpha version of Firefox 1.1 (Deer Park Alpha 1), which also seems to be immune at this stage. Opera 8 even displays the image correctly where as Firefox 1.1 alpha only displays a black box.

The bug was detected by the security consultant Luis Cortes Zavala who works with the Hypersec Consulting Group.

<a href="http://www.heise.de/newsticker/meldung/60433">Heise Online</a>

<a href="http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0069.html">The bug</a>



Posted By: Langos

All it takes to crash Windows and display a blue screen is a simple row of HTML code on a webpage, the crash resulting in a reboot and possible loss of unsaved data.

The crash is caused by defining a huge picture in HTML document which makes the browser, be it Firefox 1.04, IE, Mozilla 1.7.8 or Netscape 8, demand a large amount of memory from Windows which then crashes. The picture itself doesn’t need to big at all.

This vulnerability has been confirmed by the German news agency Heise online. Heise online has tried this bug with Windows XP Service Pack 2 and it will crash with all major browser except Opera 8 which seems to be immune as well as the upcoming Firefox 1.1. Heise online has tested the alpha version of Firefox 1.1 (Deer Park Alpha 1), which also seems to be immune at this stage. Opera 8 even displays the image correctly where as Firefox 1.1 alpha only displays a black box.

The bug was detected by the security consultant Luis Cortes Zavala who works with the Hypersec Consulting Group.

<a href="http://www.heise.de/newsticker/meldung/60433">Heise Online</a>

<a href="http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0069.html">The bug</a>



Posted By: Langos

All it takes to crash Windows and display a blue screen is a simple row of HTML code on a webpage, the crash resulting in a reboot and possible loss of unsaved data.

The crash is caused by defining a huge picture in HTML document which makes the browser, be it Firefox 1.04, IE, Mozilla 1.7.8 or Netscape 8, demand a large amount of memory from Windows which then crashes. The picture itself doesn’t need to big at all.

This vulnerability has been confirmed by the German news agency Heise online. Heise online has tried this bug with Windows XP Service Pack 2 and it will crash with all major browser except Opera 8 which seems to be immune as well as the upcoming Firefox 1.1. Heise online has tested the alpha version of Firefox 1.1 (Deer Park Alpha 1), which also seems to be immune at this stage. Opera 8 even displays the image correctly where as Firefox 1.1 alpha only displays a black box.

The bug was detected by the security consultant Luis Cortes Zavala who works with the Hypersec Consulting Group.

<a href="http://www.heise.de/newsticker/meldung/60433">Heise Online</a>

<a href="http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0069.html">The bug</a>



Posted By: Langos

All it takes to crash Windows and display a blue screen is a simple row of HTML code on a webpage, the crash resulting in a reboot and possible loss of unsaved data.

The crash is caused by defining a huge picture in HTML document which makes the browser, be it Firefox 1.04, IE, Mozilla 1.7.8 or Netscape 8, demand a large amount of memory from Windows which then crashes. The picture itself doesn’t need to big at all.

This vulnerability has been confirmed by the German news agency Heise online. Heise online has tried this bug with Windows XP Service Pack 2 and it will crash with all major browser except Opera 8 which seems to be immune as well as the upcoming Firefox 1.1. Heise online has tested the alpha version of Firefox 1.1 (Deer Park Alpha 1), which also seems to be immune at this stage. Opera 8 even displays the image correctly where as Firefox 1.1 alpha only displays a black box.

The bug was detected by the security consultant Luis Cortes Zavala who works with the Hypersec Consulting Group.

<a href="http://www.heise.de/newsticker/meldung/60433">Heise Online</a>

<a href="http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0069.html">The bug</a>



Posted By: Langos

All it takes to crash Windows and display a blue screen is a simple row of HTML code on a webpage, the crash resulting in a reboot and possible loss of unsaved data.

The crash is caused by defining a huge picture in HTML document which makes the browser, be it Firefox 1.04, IE, Mozilla 1.7.8 or Netscape 8, demand a large amount of memory from Windows which then crashes. The picture itself doesn’t need to big at all.

This vulnerability has been confirmed by the German news agency Heise online. Heise online has tried this bug with Windows XP Service Pack 2 and it will crash with all major browser except Opera 8 which seems to be immune as well as the upcoming Firefox 1.1. Heise online has tested the alpha version of Firefox 1.1 (Deer Park Alpha 1), which also seems to be immune at this stage. Opera 8 even displays the image correctly where as Firefox 1.1 alpha only displays a black box.

The bug was detected by the security consultant Luis Cortes Zavala who works with the Hypersec Consulting Group.

<a href="http://www.heise.de/newsticker/meldung/60433">Heise Online</a>

<a href="http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0069.html">The bug</a>



Posted By: Langos

All it takes to crash Windows and display a blue screen is a simple row of HTML code on a webpage, the crash resulting in a reboot and possible loss of unsaved data.

The crash is caused by defining a huge picture in HTML document which makes the browser, be it Firefox 1.04, IE, Mozilla 1.7.8 or Netscape 8, demand a large amount of memory from Windows which then crashes. The picture itself doesn’t need to big at all.

This vulnerability has been confirmed by the German news agency Heise online. Heise online has tried this bug with Windows XP Service Pack 2 and it will crash with all major browser except Opera 8 which seems to be immune as well as the upcoming Firefox 1.1. Heise online has tested the alpha version of Firefox 1.1 (Deer Park Alpha 1), which also seems to be immune at this stage. Opera 8 even displays the image correctly where as Firefox 1.1 alpha only displays a black box.

The bug was detected by the security consultant Luis Cortes Zavala who works with the Hypersec Consulting Group.

<a href="http://www.heise.de/newsticker/meldung/60433">Heise Online</a>

<a href="http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-05/0069.html">The bug</a>



Posted By: Langos