Slashdot Mirror


IE Shines On Broken Code

mschaef writes "While reading Larry Osterman'a blog (He's a long time Microsoftie, having worked on products dating back to DOS 4.0), I ran across this BugTraq entry on web browser security. Basically, the story is that Michael Zalewski started feeding randomly malformed HTML into Microsoft Internet Explorer, Mozilla, Opera, Lynx, and Links and watching what happened. Bottom line: 'All browsers but Microsoft Internet Explorer kept crashing on a regular basis due to NULL pointer references, memory corruption, buffer overflows, sometimes memory exhaustion; taking several minutes on average to encounter a tag they couldn't parse.' If you want to try this at home, he's also provided the tools he used in the BugTraq entry."

2 of 900 comments (clear)

  1. Re:His examples do not really crash Firefox by XO · · Score: 1, Flamebait

    i find it fun that lots of people are putting firefox through all these tests and not having problems.. whereas, no matter what I do in Firefox, it crashes.

    every single click to load another page. Boom! Seg fault!

    --
    "Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
  2. Re:An important security sidenote by Anonymous Coward · · Score: 0, Flamebait

    You're an idiot and jeopardizing the security of your enterprise users just by being in a position to make a decision. I feel really bad for the CEO/CIO if he has to take legal sign-off for Sabanes-Oxley or anything else with jackasses like you in the field. Of course, it's his fault he hired you in the first place.