back to article Memory-hogging bug offers universal browser crash exploit

Security researchers have published details of a security flaw that can crash multiple browsers across multiple platforms. There are many more flaws out there that are more serious, but the security shortcomings in JavaScript's DOM (Document Object Model) are nonetheless noteworthy because the issue affects Firefox, Safari, …

COMMENTS

This topic is closed for new posts.

Let's be fair to MS for once...

I thought IE didn't handle Java natively these days. Don't you have to install the Sun runtime if you want to run Java in IE?

As such there's not a lot MS can do about it other than wait for Sun to update their code.

0
0
Linux

don't work on Firefox

Don't work on Firefox 3.5.1

0
0
FAIL

RE: Grease Monkey

Java != JavaScript

0
0

This post has been deleted by a moderator

This post has been deleted by a moderator

Silver badge

Javascript, not java

Nothing to do with java or sun. So we can happily go back to blaming M$ since firefox/opera have already managed to fix the problem.

0
0
FAIL

Not to worry...

According to the link, Microsoft says they'll fix it in IE9. So that's alright then.

0
0
Thumb Up

Isn't FF wonderful?

With no-script add-on, of course.

0
0
Happy

Shouldn't be a problem with NetSurf then.

Javascript = what javascript?

0
0
Bronze badge
Unhappy

Limits

So, apparently if you ask a browser to do an awful lot of work, it sometimes has problems?

Is that why my Fibonacci sequence won't run for more than a day or two on any machine?

0
0

Kazehakase looks ok

Kazehakase on Ubuntu looks ok so me and the other 3 guys will be ok :)

0
0
Pint

Let's be fair to Grease Monkey

We've all made that mistake once. It was 12 years ago for me and still bear the scars from a Java devver.

Back on topic, doesn't work in FF 3.011 either. *click* *click* *click* NS_DOM_ERROR_NOT_SUPPORTED.

Amazed at Ubuntu killing of random processes though.

0
0
FAIL

DOM is NOT part of JavaScript

See title (and http://www.w3.org/DOM/)

0
0
E 2
WTF?

Can do this to most any box without a browser

while (1)

void *foo = malloc(1000000);

Not the memory leak, just the massive allocation.

And though it isn't memory, there's always this gem:

while (1)

fork();

Whats the big deal?

0
0
Happy

At last a fair opportunity

to compare the vulnerabilities and patching priorities of all browsers across all platforms. See which browsers are fixed first and download them. Those that come in last are the least worth your consideration. Then everyone could shut up about browsers.

0
0
Troll

browsers are memory hogging bugs already

lynx forever!

0
0
Grenade

Slowdown

"by tricking a browser into allocating huge chunks of memory"

You mean trying to use ITV's TV Guide?

0
0
Flame

What? No mention about Safari?

All the other browsers have either fixed it or are letting it be (M$) but what about the golden child of the computing world?

Oh wait, thats right. Any mention of it on the forums will be deleted the user account deleted and the long arm of the lawyers with a defamation lawsuit to those who dared to badmouth Apple. My bad.

/Yes yes let the flames commence.

0
0
Unhappy

Forget the browsers!

Seems that Linux, or Kubuntu at least, fails it's duty as an operating system.

After watching Konqueror eat its way through 6GB of physical and 4GB of swap memory I can only conclude that I need to find a Linux kernel that actually works or get the NVIDIA drivers working under BSD or OpenSolaris ASAP.

Who knew mainstream Linux wasn't an operating system?

0
0
Gold badge
Thumb Down

More an implementation failure than a language failure

But isn't memory consumption always an issue in mobile devices?

0
0

It's a bit of a slow burner though...

I've clicked the button in IE8 about 3 minutes ago and it's currently sitting on a whopping 9.5MB of RAM and growing at a bit less than 1MB/minute. Admittedly it is growing but at this ratei it'll take about 24 hours to max out the physical memory I've got free and that's before it even starts paging...

0
0
FAIL

"Grease Monkey"

Say, with that handle, are you trying to write Greasemonkey scripts using Java by any chance?

That could explain any problems you've been experiencing.

0
0
WTF?

Not my Firefox, it doesn't

Just tested it with FF 3.0.11. A whole lot of nuffin happened. So there's only reason to panic if you haven't updated to latest patch, innit? Same old, same old...

0
0

@AC 15:40

Yes, but will it be allowed into the EU?

0
0
Silver badge
Boffin

IIRC

Javascript's only relationship to Java was a desire to ride the former on the latter's coat-tails back when Java was going to solve world hunger and then some.

0
0
Anonymous Coward

N97 seems to be immune

Just tried it out on my N97, nothing happens. Either the script doesn't work there or it's been fixed already.

0
0
Grenade

I wonder...

if I can I embed JavaScript in an email and send it to my mates new JesusPhone?

0
0
Joke

"The flaw works by tricking a browser into allocating huge chunks of memory"

I thought that was the default behaviour for Firefox?

0
0
Silver badge

You could...

Write 'exploits' like that till the cows come home.

I wrote one about 4 months ago that does exactly the same thing but faster with simpler code - on 64bit browsers /really/ fun stuff happens. Takes out opera, firefox, ie, safari.. you name it.

Don't see why these guys get credit for stating the obvious.

0
0

Surprised ?

You shouldn't be surprised at what happens on 'nix systems, as that is what the last-ditch kernel-based out-of-memory process killer does - trys to keep the O/S up by killing the hogs.

0
0
Terminator

That's nothing....

I've run my college final year (a natty little DOS based application) project on nearly every version of windoze I ever had access to, the best result was a total lock-up, usually I got the BSOD.

Still, what do you expect, writing directly to the screen.... Ahhhhh those were the days.....

0
0
Coat

Re: Cameron Colley

NVIDIA's drivers should work out of the box on OpenSolaris. In addition they are heavily tested as SMI ships NVIDIA boards in a number of their products.

Mine's the one with 2009.06 and an NVIDIA card in the pocket...

0
0
FAIL

Bare-in-mind..

.. that the code does NOT loop to cause this failure!

Pretty poor after 9 years and as a standard 'feature' of ...DOM..

Top marks to M$ for "just saying no" - But Bill, I just downloaded IE8!??!

*I downloaded it as there are times when we are forced to use IE....

0
0
This topic is closed for new posts.

Forums

Biting the hand that feeds IT © 1998–2017