Microsoft has just released a fix for an issue I reported to them on December 4th, 2008. A simple repro can be found here.
Though I did not investigate the issue, it appears to be similar to MS05-20: it is triggered by having JavaScript running in one window create and delete EMBED elements with existing MIME types in another window in rapid succession. Because each window is running in its own thread in MSIE, the code must be thread-safe for two windows to interact correctly. This issue appears to be a re-entrancy problem that causes one thread to access data after that data was freed by another thread.