Yeah, firefox is prone if it's set as your GIF file handler, schmarty.<br><br><div><span class="gmail_quote">On 3/12/07, <b class="gmail_sendername">Kristian Hermansen (khermans)</b> <<a href="mailto:khermans@cisco.com">
khermans@cisco.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
<p><font size="2">Firefox even crashes if you have it open and visit the site from lynx...<br>
<br>
$ lynx <a href="http://people.zoy.org/%7Esam/firefox-crash-save-session-before-clicking.gif" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif
</a><br>
<br>
Looking up <a href="http://people.zoy.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">people.zoy.org</a><br>
Making HTTP connection to <a href="http://people.zoy.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">people.zoy.org</a><br>
Sending HTTP request.<br>
HTTP request sent; waiting for response.<br>
HTTP/1.1 200 OK<br>
Data transfer complete<br>
/usr/bin/firefox '/tmp/XXXXggdfOe/L23367-1095TMP.gif'<br>
<br>
lynx: Start file could not be found or is not text/html or text/plain<br>
Exiting...<br>
--<br>
Kristian Hermansen<br>
<br>
___<br>
Date: Fri, 09 Mar 2007 20:31:40 +0200<br>
From: T?nu Samuel <<a href="mailto:tonu@jes.ee" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">tonu@jes.ee</a>><br>
Subject: [Full-disclosure] firefox <a href="http://2.0.0.2" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">2.0.0.2</a> crash<br>
To: <a href="mailto:full-disclosure@lists.grok.org.uk" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">full-disclosure@lists.grok.org.uk</a><br>
Message-ID: <<a href="mailto:1173465100.5229.48.camel@duo.jes.ee" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">1173465100.5229.48.camel@duo.jes.ee</a>><br>
Content-Type: text/plain; charset=UTF-8<span class="q"><br>
<br>
Can be dupe but in fast browsing over topics I did not discovered this<br>
exploit:<br>
<br></span><span class="q">
<a href="http://people.zoy.org/%7Esam/firefox-crash-save-session-before-clicking.gif" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://people.zoy.org/~sam/firefox-crash-save-session-before-clicking.gif
</a><br>
<br>
<br>
I do NOT know anything else than this url. Just seen it in random<br>
discussion and anyone else I asked knows nothing. Current tests indicate<br>
that Mozilla <a href="http://2.0.0.2" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">2.0.0.2</a> gets killed within second, <a href="http://1.5.0.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
1.5.0.10</a> survives.<br>
<br></span>
T?nu</font>
</p>
</div>
<br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</blockquote></div><br>