[Webkit-unassigned] [Bug 19270] New: WebKit crashes running IE Bait & Switch attack page

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 27 11:29:45 PDT 2008


           Summary: WebKit crashes running IE Bait & Switch attack page
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: PC
               URL: http://lcamtuf.coredump.cx/ierace/
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: eric at webkit.org

WebKit crashes running IE Bait & Switch attack page

Mac Safari does not seem vulnerable to the IE Bait and Switch attack.  I don't
really suspect that Win Safari is either.  However, closing the attack window
(the window which pops up and loads google.pl repeatedly) while the test is
running crashes Safari.

I was using Safari 3.1 with heap-checking enabled (gflags.exe).

1.  Open http://lcamtuf.coredump.cx/ierace/
2. Click on "Click here to begin test"
3.  Close the window that appears and is running the test (opening google.pl
4.  Crash!

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list