[Webkit-unassigned] [Bug 19270] New: WebKit crashes running IE Bait & Switch attack page

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 27 11:29:45 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=19270

           Summary: WebKit crashes running IE Bait & Switch attack page
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: PC
               URL: http://lcamtuf.coredump.cx/ierace/
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: eric at webkit.org


WebKit crashes running IE Bait & Switch attack page

Mac Safari does not seem vulnerable to the IE Bait and Switch attack.  I don't
really suspect that Win Safari is either.  However, closing the attack window
(the window which pops up and loads google.pl repeatedly) while the test is
running crashes Safari.

I was using Safari 3.1 with heap-checking enabled (gflags.exe).

1.  Open http://lcamtuf.coredump.cx/ierace/
2. Click on "Click here to begin test"
3.  Close the window that appears and is running the test (opening google.pl
repeatedly).
4.  Crash!


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the webkit-unassigned mailing list