Author: jmm-guest
Date: 2005-04-03 22:29:00 +0000 (Sun, 03 Apr 2005)
New Revision: 736
Modified: sarge-checks/CAN/list
Log: This "DoS" doesn't look like an issue IMO.

Modified: sarge-checks/CAN/list
==================================================================--- sarge-checks/CAN/list 2005-04-03 21:56:10 UTC (rev 735) +++ sarge-checks/CAN/list 2005-04-03 22:29:00 UTC (rev 736) @@ -1512,8 +1512,13 @@ CAN-2005-0488 NOTE: reserved CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...) - NOTE: only a DOS; page with example is down, so cannot check. - TODO: check + NOTE: This is not a real security issue; it just describes the fact that the Gecko + NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks + NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed + NOTE: during transfer any user will cancel the transfer and if you load it from the + NOTE: hard disc, well than you have "DoSed" yourself, congratulations. + NOTE: It''s reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers + NOTE: generally try to make sense of anything even remotely resembling HTML. CAN-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...) NOTE: not-for-us (mailcarrier) CAN-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...)
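Review bot: in the CAN-2004-1639 entry, the seven added NOTE lines replace "TODO: check" with a narrative, so the triage outcome is hard to pick out compared with the one-line notes on the neighbouring entries (for example "NOTE: not-for-us (mailcarrier)"). Put the conclusion alone on the first NOTE line and keep the reasoning underneath it. The line "It''s reproducable with 1.0.2" does not say which product was tested, although the CAN description covers Firefox, Mozilla and Gecko; name the package and version so the result can be rechecked later. That same line confirms the crash is reproducible, while the dismissal rests on the expectation that "any user will cancel the transfer"; it would be more accurate to record this as a confirmed crash judged to have no security impact, keeping the tested fact separate from the opinion. Minor wording in the added lines: "Mozillae", "lead into a crash" (led), "well than" (then), "reproducable" (reproducible), and the doubled apostrophe in "It''s".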