Suppress malicious invocation via img HTML tag

aeon · Post by **aeon** » January 16th, 2003, 4:49 am

Sometimes I come across those pages with malicious
img tags on them to crash a browser, for example
<img src=mailto:111111> opens up thousands of mailer windows and
<img src=telnet://...
<img src=pnm://...
<img src=news://...
<img src=file://...
are annoying too, if thousands of them are written in one page you load up. How about implementing some restriction on the number
such invocation can occur when they are not one of general protocols that is http? It's nice you can set it in preferences.

You may suggest using local proxies to filter those bad codes, but I'm too lazy to do it so please don't mention about such tools.

Post by **alanjstr** » January 16th, 2003, 7:19 am

I wonder if there is a Bugzilla bug for that. It sounds like a Mozilla problem.

I have yet to run into any page that is formed like that. Do you have an example?

aeon · Post by **aeon** » January 16th, 2003, 7:55 am

alanjstr wrote:I wonder if there is a Bugzilla bug for that. It sounds like a Mozilla problem.

I have yet to run into any page that is formed like that. Do you have an example?

Yes, mozilla scope may be appropriate, but I know
when it is submit to Moz it'll take longer to be implemented in it (sigh)

As for an example,
view-source:http://www.google.com/search?q=cache:QHquADR7vuUC:www.strangeworld.org/
if you have courage load it up without view-source.
It contains JavaScript loop crash in additon to <img src=mailto:...>, but JS thing is not relevant here, look at the bottom of the source.
If you run Phoenix on MS Windows, it'll open up Outlook Express.
I don't know Linux well, but on MS Windows telnet:// can invoke hyperterminal and pnm:// can invoke RealPlayer.

Post by **alanjstr** » January 16th, 2003, 8:10 am

Ok, this is a serious bug that will cause a DoS to the user. My Lotus Notes went bonkers and I had to physically pull the plug on my machine to get it to stop.

I'm gonna contact Mozilla security for advice and will post back here.

gorn · Post by **gorn** » January 16th, 2003, 5:45 pm

no problem here :-P

linux

daihard · Post by **daihard** » January 16th, 2003, 10:36 pm

gorn wrote:no problem here

linux

I know. Assuming it's not going to kill my RH box, I tried that site. I was right -- since the mailer association doesn't exist, no mail application got opened.

(Tells you that a Linux-specific bug can be helpful!)

SHINE · Post by **SHINE** » January 17th, 2003, 2:20 pm

Thank god win xp is stable as hell, I don't want to open that link on a win 95/98 machine.

Post by **alanjstr** » January 17th, 2003, 2:29 pm

Win2k is very stable. I just wasn't patient enough to let that page finish loading.

daihard · Post by **daihard** » January 17th, 2003, 5:44 pm

alanjstr wrote:Win2k is very stable. I just wasn't patient enough to let that page finish loading.

I am not going to start another Windows-vs-Linux flame war here.

Post by **alanjstr** » January 17th, 2003, 6:01 pm

Just because I use Win2k doesn't mean I think it's superior to Linux. No response from mozilla.org yet.

aeon · Post by **aeon** » January 18th, 2003, 12:28 am

Well I myself uses WinXP and OS is stable, though
sudden resource takeover may cause pageout or something to lower overall system performance.
The probelm is, the quickest way to stop this spawning
many many windows is to kill the Phoenix process from task manager and you'll lose the data you
are looking in another tab or another Phoenix window.

BTW those malicious invocation is really old, old
way to crash browser, and I suspect there's some
reason that Moz people don't implement any
restriction, for example, they are too lazy to
implement such thing since you can use 3rd
party local proxies, or they may suggest
GNU/Linux or *BSD:P

But I hope Phoenix goes more far on this matter.

daihard · Post by **daihard** » January 18th, 2003, 1:51 am

alanjstr wrote:Just because I use Win2k doesn't mean I think it's superior to Linux. No response from mozilla.org yet.

I know. I actually agree that 2000 is a bit more stable than XP, especially when XP is used with Luna.

Post by **alanjstr** » January 18th, 2003, 7:50 am

The odd thing was that I couldn't even get task manager to kill the phoenix process.

Post by **djst** » January 18th, 2003, 9:44 am

daihard wrote:
alanjstr wrote:Just because I use Win2k doesn't mean I think it's superior to Linux. No response from mozilla.org yet.

I know. I actually agree that 2000 is a bit more stable than XP, especially when XP is used with Luna.

Do you actually notice a difference in stability when using the luna appearance? I never have.

David James · Post by **David James** » January 18th, 2003, 11:06 am

If it weren't for this Linux mailto: bug, we'd have been victimized by a zillion kmail or mozmail or whatever windows as well.

For that reason I don't even want to try using Galeon or Konqueror on it.