Firefox Zero-Day Code Execution Hoax?
Akon writes, "eWeek is running a follow-up story on the claim by two hackers that Firefox's implementation of JavaScript is critically flawed and could result in code-execution attacks. Turns out this is a possible hoax that was overblown for laughs." Mozilla's engineers say the risk is limited to a denial-of-service issue. From the article: "'As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has... I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone else's computer and execute arbitrary code,' Spiegelmock said." Spiegelmock also stated that the claim that there were 30 other undisclosed exploits was made solely by his co-presenter, Andrew Wbeelsoi.
The first time that I actually started to worry that FF might have a problem, and that I should be careful, it turns out to be a hoax. I don't know whether to be happy about this or not?
Support NYCountryLawyer RIAA vs People
The NoScript extension is like a firewall for your browser. I install it on every computer I can lay my hands on.
Neither am I.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Or until someone wastes time taking you seriously.
Yelling "bomb" in an airport isn't funny. Neither is this.
Next time, make it painfully obvious you are joking so people don't waste valuable time.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
No change there then.
So, let me get this straight. Microsoft opens the code for their browser and lets people look at it, and submit "patches". All patches must go through a slow for approval (for good code) process. Anyone who releases it on their own is sued for copyright violations. And anyone who reports a bug mysteriously reports the next day it was a hoax and a joke.
I want this Microsoft FUD to stop right now!
oh, wait, this is Mozilla? Err.. umm...
I wholly support Mozilla Corporation's moves in the Open Source community, they are right in this case, and anyone who goes against them is against successful open source projects.
Have you read my journal today?
And, this should be noted, this should NOT be limited to security exploits and hoaxes. It's twice as true for news that really matter. Too many people want to believe what they hear as long as it fits their personal point of view, without even questioning whether something is true or not.
As long as it fits into their view of the world, it becomes true for them and they perpetuate the lie.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This is to be taken with a grain of salt and not as a proof of anything until further inquiries, but since it's going to be posted anyway it may as well be posted with some warnings:
A blog called Geemondo also reports that Mischa Spiegelmock seemed to have had dinner with Microsoft guys.
(PS: mods, if you want this post to be seen without me karma whoring, just mod it funny)
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
Now I don't feel so bad for making fun of their last names!
I'll bring the feathers.
There is also a post about this on the Washington Post. Apparently, they were just having fun?
If I was Alistapart, I would have gotten rid of this "clown" immediately.
[alk]
at all my peeps who are pro-IE. They bashed me with this zero day thing till kingdom come and now I get to throw this back in their faces. Funny... I get to do the same thing about the Buffalo Bills.
Are nerds really that unsocialized that something like this qualifies as humor?
The skillless losers from Bantown whose purpose in life is to stir up pointless drama don't actually have any real exploits? Surprising.
Turns out this is a possible hoax that was overblown for laughs
Knee jerk reactions and FUD just doesn't happen here on slashdot. We have cooler heads than that.
FireFox has no exploits. All exploits are actually in IceWeasel, to avoid legal action from Mozilla.
In other news, Microsoft has said that their version of Genuine Internet Explorer has no bugs, and any bugs, must be due to a bad download, or user tampering. As such, all user installs of Internet Explorer will be renamed to "Meshed-Screen Interpolated E-reader" (MSIE for short), and will subsequently be subject to licensing fees.
Have you read my journal today?
Somebody may have some anecdotal 'evidence' that they ran it with a small memory print but generally Firefox will bloat to several hundred MB and keep climbing unless you close it completely and restart it. Don't go blaming it on extensions either, that's a cop-out that wouldn't fly if it was MS doing it.
Let the speculation about whether this was FUD funded by our favorite Redmond-ians begin
This is my sig. There are many like it but this one is mine.
So-called security experts who lie about exploits and vulnerabilities need to be held liable for their statements. Their remarks were libelous whether they were done in jest or not.
They need to be made an example of...
I think that these two were looking for a little fame ... and did not realize how the professionals would react to their claims.
Once they realized that the professionals (who are better programmers than they) were looking into their claims, they fell back on the "it's a joke" claim.
You obviously don't use GMail,
You can use GMail just fine without JavaScript. It complains and writes you a message at the bottom of every page saying something like 'To take full advantage of Gmail, use a supported browser...'
It does however still work just fine without it.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
It takes a very rare and specific skill set to write a memory corruption exploit. The fact that one person was unable to go from overflow to arbitrary code execution proves absolutely nothing about whether doing so is possible.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
If the CNET folks didn't get it, the panel should've made sure they did.
Any prank like this NOT done on 1 April needs to end with "and for those of you who left your sense of humor at home, the preceding presentation was 100% pure entertainment and any resemblance to reality was purely to tweak your nose. Please stay for the next panel on novel approaches to perpetual motion. Thank you."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Andrew Wbeelsoi is an anagram for Barelee (barely) Windows or A Windows Rebel (extra e).
Mischa Spiegelmock is an anagram for "Im lame. Check gossip."
Odd.
Seriously, I'm not.
Colour me paranoid, but this looks like Spiegelmock got a call from the spam/botnet mafia: "We know where you live. Deny everything, or else...".
If it's Firefox it's a bug.
Features don't get fixed unless they're in danger of being sued. Bugs get fixed as people can get to them.
-- Tigger warning: This post may contain tiggers! --
Now people claiming to "represent wbeelsoi" are claiming that despite Spiegelmock not knowing about it, the 30 exploits are real, and it looks like they're even trying to extort MoCo for $50K?
I must say, the reason I wanted to avoid Opera is not because of the software itself. It's the political reasons. I don't lose very much by staying with FireFox, whose open source ideals I agree with more than Opera. That's assuming Opera truly is better. I do, however, respect Opera for sticking their neck out as an alternative browser.
Reality is nothing but a collective hunch.
is anybody really surprised this is a fake? i mean look at how stoned they are!
You mean Six Apart hasn't sacked Spiegelmock yet? What's Mena waiting for? Maybe she's having all the chairs in her office bolted down in case she has the sudden urge to impersonate Steve Ballmer during the exit interview. I know if I caught an employee pulling the shit Spiegelmock just did on my watch, I'd need the most sound-isolated conference room in the building.
This sig intentionally left blank.
would it be funny to everyone if this was IE?
>Maybe we could debunk the Firefox is a memory hog [mozillazine.org] hoax, too.
We could if it *were* a hoax. Since it's reported by decent folk all over the place, I don't think we can.
If the problem really is just extensions, then Mozilla *still* needs to do something about it. Don't list them on the official extensions list until they are fixed. As somebody in the thread you linked to mentioned, what's the point of using FF if you can't use extensions?
Have the Debian folks come up with a new name for Firefox yet? If not, I suggest Firehog.
This guy's the limit!
firefox.exe: 101,148 KB
That's since I've started running it this morning, a good five hours ago. I expect a browser to make it through a work day without restarting.
Not a memory hog my ass.
The fun thing is that it keeps on going up as I type this. And keep in mind that's to the nearest kilobyte, this post doesn't contain much more than 1-2KB of text, and it's gone up an entire MB! (Whoops - more than 1MB now.)
He ain't so easy on the eyes, is he. Oh wait, I should be careful. He might not hack my browser! Nooooooooo!
Fix the copy and paste? In both Windows and Linux it works fine for me.
by the time it's made it to Slashdot, or any other major website for that matter..it is highly unlikely that it is actually "Zero-Day" (aka "0day"). Zero-Day would mean that the exploit was really fresh, as in very few people are aware of the exploit. Or, interpreted literally, it would mean that it had been less than 24-hours after it is first discovered.
Why are people trying to resurrect this old buzzword? It is starting to get old (re: 'TERRORIST' old..).
I'm not impressed. I thought this was supposed to be a tech-savvy website?
Censorship is obscene. Patriotism is bigotry. Faith is a vice. Slashdot 2.0 sucks.
If it's not a hoax, it's fucking close to one. Sure, back in the 1.x days, problems ensued, but post-1.5 Firefox is freaking ridiculous with the amount of punishment it can take (and i sure do love dishing it out.)
Linux, you magnificent bastard, I read the fucking manual!
Fix the copy and paste? In both Windows and Linux it works fine for me.
I'm scratching my head too. Just to test things out I just copied and pasted from web page to location bar, web page to editor, web page to konsole session using either the mouse or keyboard shortcuts. Everything worked as expected, including shift-insert.
Time is what keeps everything from happening all at once.
For example, the modern military body-armor. It is still possible to hurt a soldier in the neck or leg.
I mean the state (or states) should attack the culprits back and bring them to justice for the harm they invoke.
When I was in my teens, a local high school student killed himself on stage during theatre practice.
From what I heard, he intentionally sneaked a real gun in place of a prop so he could go out with the cast watching.
This was a long time ago.
>So, I don't understand what the point is,
The point of what?
The situation is: lots of people complain about FF memory usage to this day, including 1.5+, how the memory usage grows over time while the program is open and being used. FF developers say "no it doesn't!" or "it's the extensions' fault!"
My point is, even if it is the fault of extensions, at a minimum FF needs to respond by not listing these extensions on their official list on their website. For many, many users the whole point of using FF is to be able to use various extensions. It does no good to say "the base browser is fine", when it comes to public perception of this problem. Any more than it did MS any good to say "it's the third party drivers causing the blue screens!" So point us to the extensions that *don't* leak. Or at a minimum don't point us to the extensions that *do* leak.
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
I recommend looking at this as a start: http://forums.mozillazine.org/viewtopic.php?t=405151
There seems to be 2 bugs related to copy and paste.
I've encountered this bug a number of times under Firefox for Windows. Copying/pasting text from the address bar and/or webpages will work fine for hours, and then out of nowhere it will just stop working until I quit then restart Firefox. I run into this probably once every few weeks. However, I've never been able to find any rhyme or reason behind it. All I can say is that it does happen.
This guy's the limit!
These days, "0day exploit" seems to have changed to mean "an exploit for which there is currently no fix". Not quite the same...
It's official. Most of you are morons.
I've had this issue frequently. At least once or twice a day I will be unable to copy/paste something into the address bar of firefox. It will take 2 or 3 attempts, and suddenly it starts working again. Like parent, I've been able to find no particular reason it breaks when it does, nor what fixes it.
... for the Religious Right.
https://bugzilla.mozilla.org/attachment.cgi?id=241005
I have trouble buying the whole just having fun angle. Call me paranoid, but I smell FUD...
When this happens, the location bar - although appearing focused - doesn't really have focus. Hit F6 to shift the focus and make copying work again.
It's a very frustrating bug, the more so because it's pretty much impossible to reproduce and thus fix. If you ever stumble upon exact steps that make this reliably reproducible, please report a bug with those steps at bugzilla.mozilla.org
Thanks for the tip. I'll try to keep it in mind. However, I'm pretty sure what you describe is a different bug from what I normally encounter (although I've definitely had the occasional address bar problem). The problem I usually have results in me not being able to copy text from a webpage at all. I would normally paste it into a text document from there, but Firefox's 'copy' command is greyed out in the Edit menu.
This guy's the limit!
Okay, you're right, that's a different bug. Although I could swear that one was well understood and fixed, including on 1.5.0.x. Are you running the absolute latest version?
There is breaking news that all windows bugs and exploits are actually hoaxes as well.
Hey genius, you replied to his sig ;)
>Hey genius, you replied to his sig ;)
;)
Keeps me humble
The point of what?
ROFL, you must be new here, that's my sig.
at a minimum FF needs to respond by not listing these extensions on their official list on their website
Fuck me that's a little draconian. How about, y'know, reading the user comments under each extension to see if it has any particular problems. Lazy attitudes like that are the reason IE dominates.
It does no good to say "the base browser is fine"
Actually, yes it does, ESPECIALLY when a) the stability gets better, b) new features get implemented quickly and c) the base install works just fine. Seriously, back in the 1.x days, I was using at least a dozen extensions, now I'm down to 5, thanks to them making the base install better.
For many, many users the whole point of using FF is to be able to use various extensions
It's a selling point, sure, but the reason people use FF is because IT WORKS, quickly and securely. The extensions are icing on the cake and a strawman in your arguments. Last but not least, every single one of you who posts about FF memory problems never fails to forget to post any damn links to back up your assertions.
Now I'll grant you, the mozillazine forums are scary as shit, and any criticism, no matter its validity, is dealt with rather harshly. And I know my experience with FF is of course totally anecdotal, but I've been with it for a while, and as I mentioned earlier, I whale the shit out of it (on a creaky win2k platform, no less), but it just asks for more. How the fuck you people can just sit there and criticize ad nauseam about this shit boggles my mind. If you hate FF, don't use it. Meanwhile, I finally have a (windows) browser that does what I need it to do and I'm going to support the hell out of it.
Linux, you magnificent bastard, I read the fucking manual!
No, it's not.
I'm with some of the folks here about secondary verification.
Something deep inside me gives a knee jerk any time a developer or product engineer starts any sentence with "I have not succeeded in making this code do..." or "I cannot reproduce..." (no pun intended).
I think Firefox is pretty good. So far (since the first public betas), I get very few issues at runtime (besides the occasional spin-forever cursor when Firefox encounters a site with some really bad browser-side code.)
A Passionate Independent Musician
Anyone else notice that A. Wbeelsoi is an anagram for A. Web O' Lies?
Well seems like my notion was right after all.
They are nothing but sad wannabes, scriptkiddies who wanted to pose as l33t haX0rZ. Well, heads up guys, this will have been your last convention for quite some time because somehow quite unexpectedly (for you) most of the community didn't go "we really got punked!!! LOLOLOLOLOL! you win teh internets!" Bottom line. Don't be an asshole, or you will pay for it.
+++ MELON MELON MELON +++ Out of Cheese Error +++ redo from start +++
Just because it's grayed out does not mean anything (the menu item could e.g. just have missed the selection event). You could try copying using Cmd+c or whatever it is on your platform (Ctrl+c, etc.). This invokes the copying code directly.
Windows is like decaf - it tastes like the real thing, but it won't get you through the day.
The 2 problems I see are both to do with the window in its frame.
Copy/Paste not working and Drag/Dropping pictures (into explorer folders)
The cure I have found is to maximize and then restore the window.
The Window refresh routine then appears to kick in and fix things for me.
liqbase
Moreover, what we used to call a 'hang' seems to be a DoS. In order for firefox to be DoSed, the browser needs to be performing some security-critical service. Firefox is not a service, it doesn't have anything in /etc/init.d/ or whatever your OS does. Firefox hangs.
I'm a keyboard shortcut guy. When those don't produce results, I look up to the menu items for some idea why. When the keyboard shortcuts don't work and the menu items are inexplicably greyed out, it's a bug.
This guy's the limit!
It leads to a piece of JavaScript - either an attempted proof of concept, or just an annoying fork bomb - I didn't bother to work out which, but either way, I recommend sticking with "Save As" or wget or what have you.
Everyone here should read this article: http://blog.washingtonpost.com/securityfix/2006/10/zeroday_firefox_exploit_claime.html
It actually turns out that Mischa Spiegelmock and Andrew Wbeelsoi are closely related. As we all now know, Misa works for LiveJournal. Andrew Wbeelsoi is part of Bantown, who claimed responsibility for a Javascript attack on LiveJournal (see http://blog.washingtonpost.com/securityfix/2006/01/account_hijackings_force_livej.html).
The two are obviously related, and LiveJournal should consider immediate termination of their employee Mischa, as he is in league with Wbeelsoi, who attacked LiveJournal members themselves.
Here are some nice quotes from the article:
"We do have exploits for all the stuff we're going to show you," the 21-year-old calling himself Wbeelsoi said. "We'll give them away to anyone who proves their actions are going to be politically motivated. We don't care what side you're on as long as you commit yourself to destruction."
"We were just trying to have some fun up there," Spiegelmock said.
Mozilla should really consider civil, if not criminal actions. Damage to the Firefox brand has already been done, regardless if the exploit is real or not.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
Just because it's grayed out does not mean anything ... uh, it means there's a bug. If there's no reason he shouldn't be able to copy, and the copy menu item is greyed out, that's called a "bug." Which is exactly what the parent is talking about.
Comment of the year
I happen to have semi-distant (FOAF-ish) contact with the folks in question, and I can assure you that this was purely a quest for lulz that succeeded far beyond any expectations they originally held (i.e. this was nothing more than a fantastically successful troll intended for hilarity's sake). I mean, come on: the file name for their presentation was "omfg.ppt", the "sploit" contained numerous references to "loldongs", they gave shouts to #bantown, etc. Only an uptight, self-serious open source zealoturd could've missed the humor.
seriously. just because you've got a stick up your ass because your favorite open sores project is being made fun of, doesn't mean their shit was unfunny. Google up omfg.ppt if you want to see the original lulz.
Mischa works for Six Apart _because_ Bantown "pwnzed" them two years back.
Six Apart didn't try to fight them, instead they tempted them with guided tours and positions in the company.
Utter idiocy.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
You do know that people from #bantown and so forth have in fact BEEN INVITED TO six apart and LJ's parties? It's just a joke from a group of people who get many lulz from internets jokes, don't get your panties in such a twist just because a couple of lolz have been had at some dumbass "we're taking over the world and we're serious and never mind that we're living in our parents' basement" open source project's expense.
If you can't convince them, convict them.
I have a great idea for the advancement of Open Source: let's put all the license debating, internets lawyer, mailing list clogging flapjaws and zealoturds in a great big pit and let them fight to the death over whatever the hell it is they're making a big self-important stink about this week. Debian political flamewars, Apache wankfests, LKML turd flingers, all of them: big pit, lots of melee weapons, napalm to settle it.
The rest of us can get back to Fucking Coding, which is the only thing that Gets Shit Done.
To drag this mini-rant back on topic: if the same effort that people have devoted here to defaming the messengers Mischa and Weeb (calling them variously crooks, cranks, juveniles, etc.; calling for them to be fired from their employers, calling for them to be sued, etc.) were put into some god damned code inspection and verification of the FF codebase (code peat bog? :P), then just MAYBE we'd have a better world tomorrow instead of the same old same old codebase being defended by a pack of slavering, self-righteous open source wingnuts.
How is it Firefox's fault that you're using extensions with memory leaks?
That blog post is 9% incoherent gibberish, 90% a pastebomb of Mischa apologizing for other people's lack of a sense of humor, and 1% link to an easily faked image that PROCLAIMS to show a person who MIGHT be one of the presenters of a JOKE presentation eating what COULD be dinner with people who MAY or MAY NOT work for Microsoft.
Please, use a grain of salt before you believe everything you read on the internets, young man.
OT: It's been 25 minutes since you last successfully posted a comment. What the shit is this, taco? Are all your users as slow thinking and typing as your fucking gang of "urrr, css is hard, this is going to take a while" chimps?
Decent folk who don't understand memory management at all.
Let me put it this way:
Say you have 1 gig of ram. Say firefox is taking up "an unbelievable 500 megs!". If you wrote a program that allocated 600 megs of ram, you'd see firefox's memory usage shrink by 100 megs.
That's because firefox uses a memory cache. The ram used by the page you visited 3 pages ago is "free" but firefox has tagged it for caching. That means as long as the OS doesn't take it back, firefox will still have access to it.
This clearly shows that gullibility is a flaw and sure these guys may be clowns but OSS is a big target for this kind of FUD - I say they showed that a major OSS project can be exploited by social engineering.
"Speigelmock" now that is funny.
Your search - omfg.ppt - did not match any documents.
Suggestions:
* Make sure all words are spelled correctly.
* Try different keywords.
* Try more general keywords.
my password really is 'stinkypants'
The images seem to be coming from the hoaxer / prankster's own site. Check the facts man, then be a moron if you want to. I could not understand what you wrote either!
So can I curse Taco too. Chimps rule! unlike imps like you.
I did not see you logged in, chimps don't login because they are lazy and cool!!
What a fool believes, he sees, no wise man has the power to reason away.
Blackhat hackers really are ugly, disgusting losers. Nice skin, dude. Nice hair, too. Holy fuck.
The copy and paste problems I see on Windows seem to be related to the Office clipboard. I've effectively stopped using Office for a while and I don't have the issue anymore.
In some cases if you open the office clipboard manager (Ctrl+C twice, or via the menus) and click on the button to delete all the entries, the clipboard resumes working. However it does sometimes break when it says there's nothing in the clipboard manager history, so there's nothing to delete.
You might get a refund for a defective appliance if you return the sense of humor right away.
The picture and idea is false, I don't know who is in that picture, but it's not mischa nor the guys from ms who were @ toorcon. Furthermore, I know they didn't eat out with anyone on saturday night, and they hid all day sunday in their hotel room.
copy/paste thing is fixed in 2.0... and in 1.5 if you encounter this, just view the page's source or info... (open and close) and you can copy/paste again =)
Despite having changed the browser.cache.memory.capacity setting on Firefox 1.5.0.7 — running only Talkback 1.5.0.7 and Adblock 0.5.3.042 — to 16MB (half of the automatic default for 1GB RAM) on the XP Pro-equipped employer-issued ThinkPad, I only have to leave the app open for a couple of days before it hits 300MB, and it never stops there. Because of this behavior, I now close Firefox prior to directing the ThinkPad to hibernate for the night, unless I happen to experience some masochistic desire to wait for its disk to thrash about for an excessive duration upon waking.
This is not at all convenient, but 1) it's still far better than using IE, and 2) for no real, quantifiable reason, I prefer Firefox over Opera.
1.5.0.7 and I ran into it this morning. First time for me though, didn't pay it much heed other than just restarting FF to get it to work.
It's hard to go from overflow to arbitrary execution. It's freaking trivial to go from arbitrary code execution to a black hat library. All the bad guys need is one really smart guy and that exploit is then in play for anyone with a modicum of technical skill. Thus it pays to be really freaking vigilant about memory management.
Incidentally: you can fool some of the people all of the time, you can fool all of the people some of the time, but you can not fool all of the people all of the time. Similarly, you can manage some of memory correctly all of the time, and you can manage all of memory correctly some of the time, but you can never manage all of memory correctly all of the time. Programmers should exit, stage left, from the memory management business. It is a security vulnerability and it always will be, the same way crypto routines are always, perpetually vulnerable. Do with memory what we do with crypto: have guys far above my pay grade define a few primitives after subjecting the field to rigorous study, subject those primitives to massive amounts of testing lasting decades, and instruct mere mortals to never, ever, ever re-implement a primitive even if they think after 2 hours of reflection "Hey, I can save 2% of my clock cycles and STILL be just as secure!"
Help poke pirates in the eyepatch, arr.
> I have not succeeded in making this code do anything more than cause a crash and eat up system resources
:D
Okay so it's not a bug at all, just normal Firefox behaviour. Fine, we can all rest easy
What is worrying is that now if a serious bug is found in Firefox, people will not believe it.
These guys just released a type of so-called vulnerability. It is able to crash a system. But what is the purpose of attracting a user to a webpage just to crash a system? The guys did a useless job or came upon the vulnerability by occasion and made some ad for themselves. And tricked Mozilla's staff for a couple of days :)
Have fun while you live
So a pair of crackers get up on stage and describe an exploit with no proof and some people are surprised when it's a hoax. When you consider the primary motivation of many crackers, the hoax shouldn't come as a surprise. Every cracker or wannabe cracker that I've ever met is a sad individual with low self-esteem looking to counter this with a bit of ego boosting. Why else do a lot of the more theatrical exploit demonstrations come with an obligatory swipe at the quality of the code they have supposedly exploited? The truth is that many crackers are piss poor programmers who spend ages poring over code that they themselves lack the ability to have written. When they find a possible vulnerability, rather than reporting it to the authors and waiting for a timely security update to be released, they try and boost their own egos by demonstrations at some toe-curlingly named conference.
If you look at their blogsite you will find Microsoft mentioned in there. http://www.sixapart.com/ gives this on netcraft which I find particularly interesting....: "a.microsoft.com Microsoft Corporation, One Microsoft Way, Redmond, 98052, United States January 2005 AkamaiGHost" ...etc, the list goes on and it looks like an effort to hide something.
Are they affiliated with Microsoft in any way as this suggests it's much worse than some stupid prank.
HTTP/1.1 400
Except it doesn't work that way. What actually happens is other apps can grab those 'free' blocks but in some circumstances FF refuses to recycle them until the operation that created the blocks completes. It mostly affects plugins but it's catastrophic when triggered, I recently set the Scrapbook plugin capturing an 80mb+ page. I run a 2gb PC with no virtual memory, FF ran out of memory and crashed, even though the system thought most of that RAM was free FF didn't.
If FF didn't allocate 10x more RAM than the size of the resource it's downloading it wouldn't matter, put the 2 bugs together and it's a disaster.
As predicted here
FYI YMMV => I only spent 15 on this topic...
A fool throws a stone into a well and a thousand sages can not remove it.
Great artists steal.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
How much? I'm up for some easy money.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
There was going to be a presentation on a javascript XSS exploit in one of SixApart's most popular websites right afterwards too that sorta had to be called off at the last minute.
>Decent folk who don't understand memory management at all.
The problem isn't what it says in Task Manager, the problem is that simply leaving the browser open for a few days makes it slow and unresponsive. This is apparently due to a memory leak or three, but I'm not annoyed by it for some theoretical reason, but rather because of what practically happens.
For some reason I don't need to think about the memory management of my other applications, including the open source ones. Just Firefox.
>If you wrote a program that allocated 600 megs of ram, you'd see firefox's
>memory usage shrink by 100 megs.
That's the problem; it *doesn't* go back down. Nothing helps but to exit Firefox.
Hey, I'm living with it, still love and use Firefox. I don't have time to learn to hack on Firefox to fix it; I'm fine with it if the developers want to say that it's a problem they aren't interested in. What's annoying is their sheer denial of the problem.