This is a funny bug found in Internet Explorer (and all other software where the HTML rendering libraries are used, such as Outlook and co.).
By including <input type crash> in your HTML code, it is actually possible to get Internet Explorer & co to crash! Talk about compliance.
Check out the bug report: Secunia – Advisories – Microsoft Shell Light-Weight Utility Library Denial of Service
Reportedly, the vulnerability can be exploited to crash the following applications:
– Windows Explorer
– Internet Explorer
– Outlook
– Outlook Express
– Frontpage
NOTE: Other applications may also be affected.
Solution:
There is no immidiate solution available.
If this is regarded as a serious risk, then don’t view untrusted HTML documents. Use another browser that isn’t linked to the vulnerable library when surfing the Internet.
Yet another good reason to switch to Opera!
Disclaimer: I am norwegian, and so is Opera Software. Unfortunately I don’t own any stocks in the company ;-)
You actually dont need the crash.
will work just as well.
ooops. the comments stripped the html.
You dont need the crash, only this: <input type>
It will crash with anything you put after the type. try:
input type nothing
Regards,
Miguel Moreno
[email protected]
Sean,
You beat me. I was just going to mention that….
Regards,
Miguel Moreno
I tried that on all my browsers and they didn’t crash? You sure its [input type nothing] (replaced the square brackets with the normal HTML brackets..)
You starting to promote Opera, Jarle? :)
Disclaimer: Not Norwegian, don’t own stocks in Opera, but do work for them ;-)
Hi Remco, Opera is a great browser and I have been pushing it whenever I have had the chance. With 7 it has really become a grown up browser with a lot of UI enhancements that I miss in other browsers (I am sure Microsoft will follow with gestures pretty soon).
The amazing thing is that the browser is still lightening fast, even with its amazing CSS/HTML rendering support. The only thing I miss is support for XML. Its nice to be able to browse XML documents as threes in IE, would have been great with something simular in Opera.
Have to agree there, support for XML treeview would be indeed quite nice.
There’s been some discussion about this ( http://my.opera.com/forums/showthread.php?s=&threadid=18078&highlight=xml ) on the Opera forums, but it doesn’t seem like the developers are very enthousiastic about it.