Microsoft Internet Explorer 5/6 - Recursive JavaScript Event Denial of Service

Author: Berend-Jan Wever
type: dos
platform: windows
port: 
date_added: 2002-04-24  
date_updated: 2012-09-20  
verified: 1  
codes: OSVDB-86913  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21416.txt  

source: https://www.securityfocus.com/bid/4583/info

An issue has been reported in some versions of Microsoft Internet Explorer. It is possible for a malicious web page using JavaScript to crash the browser process. Under Windows 95 and 98, this may impact the underlying operating system as well.

This behavior can be caused by the indirect recursive calling of an onError event which redefines an invalid source to an image tag.

<IMG src="::" onError="this.src='::';">