Feeds

Memory-hogging bug offers universal browser crash exploit

DOM and dumber

Providing a secure and efficient Helpdesk

Security researchers have published details of a security flaw that can crash multiple browsers across multiple platforms.

There are many more flaws out there that are more serious, but the security shortcomings in JavaScript's DOM (Document Object Model) are nonetheless noteworthy because the issue affects Firefox, Safari, Opera, Chrome and Internet Explorer to a lesser or greater extent. Even smartphones, such as the iPhone and Nokia N95, as well at the Sony PS3 might be forced to crash using the approach, obliging users to reset devices.

The flaw works by tricking a browser into allocating huge chunks of memory, behaviour likely to result in a crash.

Using JavaScript's DOM (Document Object Model) to create a selection menu on a web page with a very high value sets up the trick. H Security explains that the coding trickery results in a huge allocation of memory.

This isn't in itself a problem if the memory area is defined as read only, but problems arise in the many cases where browsers fail to stop overwrites, leading to two processes trying to get at the same portion of memory at the same time and therefore provoking browser crashes.

The flaw presents a browser crash rather than malware injection risk in all cases. Crashing is most easily achieved on IE, with all versions of Microsoft's browser affected. Versions of Ubuntu running Konquerer might be forced to reboot if exposed to attacks based on the bug because of a memory management failure issue.

By contrast Opera, Chrome and Firefox have all been patched to defend against the flaw - so only older versions of those browsers are affected.

A security advisory from G-Sec, including proof of concept code, explains the issue in far greater depth here. ®

Protecting against web application threats using SSL

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.