Microsoft has just released a fix for an issue I reported to them on December 4th, 2008. A simple repro can be found here.
Though I did not investigate the issue in depth, it appears to be similar to MS05-20: it is triggered by having JavaScript running in one window create and delete EMBED elements with existing MIME types in another window in rapid succession. Because each window runs in its own thread in MSIE, the code must be thread-safe for two windows to interact correctly. This issue appears to be a re-entrancy problem that causes one thread to access data after that data was freed by another thread.