Home > Uncategorized > Major Browsers Affected by Java Script Flaw

Major Browsers Affected by Java Script Flaw

November 30, 2004

It’s not rare when a flaw disables Microsoft Internet Explorer (IE), but it is rare when the same flaw affects alternative browsers as well.

A new flaw was just disclosed on security mailing lists. The bug causes the browser to crash and could potentially form the basis of an exploit that would affect virtually all major browsers.

The bug has been called the Infinite Array Sort Denial Of Service Vulnerability and causes the affected browsers to execute an infinite JavaScript array sort. That operation in turn effectively causes a DoS on the browser in question and causes it to crash by exhausting stack memory.

The following example will cause the browser to crash:

< html >
< script > a = new Array(); while (1) { (a = new Array(a)).sort(); } </ script >
< script > a = new Array(); while (1) { (a = new Array(a)).sort(); } </ script >
</ html >

Opera has not released any patches as of the time of this posting.

Update: After posting the example flaw, my browser kept on crashing when I would login to my Blogger account, I couldn’t even edit the post. I had to disable Java Script, and then add spaces to the html tags so that the browser doesn’t think they are Java Script tags (I used the &gt; for the “>”).

Advertisements
Categories: Uncategorized
%d bloggers like this: