Microsoft has just released a fix for an issue I reported to them on December 4th, 2008. A simple repro can be found here.
Though I did not investigate the issue, it appears to be similar to MS05-20: it is triggered by having JavaScript running in one window create and delete EMBED elements with existing MIME types in another window in rapid succession. Because each window runs in its own thread in MSIE, the code must be thread-safe for two windows to interact correctly. This issue appears to be a re-entrancy problem that causes one thread to access data after that data was freed by another thread.