Andrew Zonenberg on Nostr: Recently stumbled across a HTML file I made as a prank for some friends years ago. It ...
Recently stumbled across a HTML file I made as a prank for some friends years ago.
It displayed a "get Firefox" button and (if you were running IE) a ten-second JavaScript countdown.
When the timer hit zero, it would then then instantiate a new ActiveXObject("giffile") and access the bgColor property.
This triggers CVE-2007-0612 and segfaults your browser with a null deref. Although this was ultimately fixed in I think IE8, Microsoft at the time did not consider this to be a serious issue and stated they did not intend to release a patch.
It displayed a "get Firefox" button and (if you were running IE) a ten-second JavaScript countdown.
When the timer hit zero, it would then then instantiate a new ActiveXObject("giffile") and access the bgColor property.
This triggers CVE-2007-0612 and segfaults your browser with a null deref. Although this was ultimately fixed in I think IE8, Microsoft at the time did not consider this to be a serious issue and stated they did not intend to release a patch.