Microsoft has just released a fix for an issue I reported to them on December 4th, 2008. A simple repro can be found here.
Though I did not investigate the issue, it appears to be similar to MS05-20: it is triggered by having JavaScript running in one window create and delete EMBED elements with existing MIME types in another window in rapid succession. Because each window is running in its own thread in MSIE, the code must be thread-safe for two windows to interact correctly. This issue appears to be a re-entrancy problem that causes one thread to access data after that data was freed by another thread.