Closed Bug 159866 Opened 22 years ago Closed 22 years ago

Horrific Crash on malicious redirect to malformed URL (c:\nul\nul)

Categories

(Core Graveyard :: File Handling, defect)

x86
Windows 98
defect
Not set
critical

Tracking

(Not tracked)

VERIFIED INVALID

People

(Reporter: horkana, Assigned: Matti)

References

()

Details

(Keywords: crash)

http://www.netsoc.tcd.ie/~horkana/dev/web/crashcrashcrash/redirect_file-nul.html

Windows 98 and all the 9x series suck rocks through a straw!

The malicious webpage I have crafted causes Windows to crash in several varieties of IE (including 6), several varieties of Netscape products (including 4.x) and Mozilla nightly builds. (It is the redirect which I added that makes this particularly malicious; I cannot remember the page where I found the exploit, will try and add it later.) Like so:

<meta http-equiv="refresh" content="0; URL=file://c:/nul/nul" >

Perfectly reproducible, but a royal pain in the ass to do so as I don't have VMWare or such like and it takes down my entire machine. Thank god for Linux, another huge reason for me to use Gnome exclusively and ditch this skankey OS completely. </rant>

As a short term solution and useful feature, is there any way to disable/disallow/warn on http redirects?
*** Bug 159867 has been marked as a duplicate of this bug. ***
*shrugs* Weird weird, my win98 won't crash. :-b (build 2002072808) Also, I strongly believe it's INVALID, because it's Microsoft's fault, and they even have a patch for it. Here's the link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-017.asp Browser should NOT be responsible for Microsoft bugs and/or users who neglect patching their computers. Dixi.
Fair enough, probably is invalid. I thought I was up to date and would have gotten the necessary patches with IE6, as Microsoft often bundle important security fixes. Keeping up to date with Windows patches is not easy (certainly not as easy as "apt-get"ting security updates), especially when some supposed security updates have quite wide-ranging effects or disable functionality without clearly warning you or try to get you to agree to unpleasant new license changes. I want to be a user, not a sysadmin! Anyway, I would still like to be warned if I am being redirected. I'll go looking for existing bugs about redirect tomorrow and open a new one if necessary. Thanks.
> I want to be a user not a sysadmin!
Understood, but you've got the wrong address to complain to about that. The one you need definitely ends with @microsoft.com ;)))
> Anyway, I would still like to be warned if I am being redirected
> I'll go looking for existing bugs about redirect tomorrow and open
> a new one if necessary
Sounds great. Please keep in mind that Mozilla is a cross-platform product, and implementing protection measures for one [buggy] platform may be pretty unwise as it will cause unnecessary overhead for other platforms.
==> INVALID
Reasons:
1) Not a Mozilla bug (w95/98 bug as per Microsoft bulletin)
2) Original reporter agreed with resolution (as per comment 3).
(Higher authorities might disagree and reopen the bug)
Status: NEW → RESOLVED
Closed: 22 years ago
Component: Browser-General → File Handling
Keywords: crash
Resolution: --- → INVALID
Whiteboard: verifyme
Summary: Horrific Crash on malicious redirect to malformed URL → Horrific Crash on malicious redirect to malformed URL (c:\nul\nul)
> I want to be a user not a sysadmin!
That goes for Linux too, but things like apt-get/up2date/urpmi and the X setup tools (http://www.ximian.com/devzone/projects/xst-devel.html if only any/more distributions would use the same tools) and the Linux Standards Base (LSB) are good steps in the right direction. But this is completely offtopic :)
I am okay with this being marked as invalid. I am still worried about malicious redirects or having my browser hijacked, so more status information would definitely be welcome. If I cannot find an existing relevant bug I may yet post a bug report requesting some sort of extra warning on http meta-refresh redirects, or perhaps some way to force all redirects to wait at least N (N=5,10,...) seconds. This would help make it more obvious to users when their back button seems not to work because of 0 second meta-refresh redirects, and forcing up the minimum allowed time before allowing a meta-refresh would give users enough time to actually use the back button.
Status: RESOLVED → VERIFIED
Whiteboard: verifyme
Product: Core → Core Graveyard
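
The two client-side mitigations discussed in this thread, as an added example that is not part of the bug report or of Mozilla's code: refusing a meta refresh whose file: target names a reserved DOS device, and raising short refresh delays to a minimum of N seconds. It generalizes from `nul` to the other common reserved device names; `MIN_DELAY_SECONDS` and all function names are assumptions.

```javascript
// Added example; MIN_DELAY_SECONDS and every function name are hypothetical.
const MIN_DELAY_SECONDS = 5;

// Common reserved DOS device names. An extension does not change the meaning:
// "nul.txt" still refers to the device.
const DOS_DEVICE = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$/i;

// Parse a refresh value of the form "<seconds>[; URL=<target>]".
function parseRefresh(content) {
  const m = /^\s*(\d+)\s*(?:[;,]\s*(?:url\s*=\s*)?(['"]?)(.*?)\2\s*)?$/i.exec(content);
  return m ? { delay: Number(m[1]), target: m[3] || null } : null;
}

// True when a file: URL has a path component that is a reserved device name.
function hasDevicePath(target) {
  if (!/^file:/i.test(target)) return false;
  return target.slice(5).split(/[\\/]+/).some((part) => {
    let name = part;
    try { name = decodeURIComponent(part); } catch { /* keep the raw text */ }
    return DOS_DEVICE.test(name.trim());
  });
}

// Decide how a client should treat one refresh value.
function evaluateRefresh(content, minDelay = MIN_DELAY_SECONDS) {
  const r = parseRefresh(content);
  if (!r) return { action: 'ignore', reason: 'unparseable refresh value' };
  if (r.target && hasDevicePath(r.target)) {
    return { action: 'block', reason: 'file: URL names a DOS device' };
  }
  const delay = Math.max(r.delay, minDelay);
  return { action: 'redirect', delay, raised: delay !== r.delay, target: r.target };
}

// The first sample is the value quoted in the report; the others are constructed.
const samples = [
  '0; URL=file://c:/nul/nul',
  '0; url=http://example.test/next',
  '30; URL="http://example.test/slow"',
];
for (const s of samples) console.log(s, '->', JSON.stringify(evaluateRefresh(s)));
```

The check runs on the refresh value before any navigation, so a patched or non-Windows system only pays for one regular-expression test per path component.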