Memory-hogging bug offers universal browser crash exploit
Posted on 07/17/2009 10:02:01 AM PDT by ShadowAce
Security researchers have published details of a security flaw that can crash multiple browsers across multiple platforms.
The flaw works by tricking a browser into allocating huge chunks of memory, behaviour likely to result in a crash.
This isn't in itself a problem if the memory area is defined as read only, but problems arise in the many cases where browsers fail to stop overwrites, leading to two processes trying to get at the same portion of memory at the same time and therefore provoking browser crashes.
The flaw presents a browser crash rather than malware injection risk in all cases. Crashing is most easily achieved on IE, with all versions of Microsoft's browser affected. Versions of Ubuntu running Konqueror might be forced to reboot if exposed to attacks based on the bug because of a memory management failure issue.
By contrast Opera, Chrome and Firefox have all been patched to defend against the flaw - so only older versions of those browsers are affected.
A security advisory from G-Sec, including proof of concept code, explains the issue in far greater depth here. ®
Ouch, my brain!
This one sounds like what I’ve been experiencing for the past week or so...
...switching from Safari to Firefox.
Thanks for posting!
NoScript shuts off Java and other scripts until you allow them. Adblock shuts down most ads, along with pop-up, pop-over, pop-under, and tower. Great additions.
WOW. Thanks, mate! You beauty!!
Click “Tools” and “Add-ons” to search and set up those FF apps you’d like. I’m still on Rev.3.0.11, as some of the add-ons I have aren’t set up for the 3.5 version yet, but both of those are. Enjoy!