"One bug to rule them all" vulnerability in KJS?
Jaroslav Reznik
jreznik at redhat.com
Wed Jul 22 19:47:32 BST 2009
On Wednesday 22 July 2009 20:19:34 David Faure wrote:
> On Friday 17 July 2009, Maksim Orlovich wrote:
> > On Friday 17 July 2009 00:21:03 Michael Pyne wrote:
> > > There is a flaw provocatively labeled "One bug to rule them all" at
> > > this link: http://www.g-sec.lu/one-bug-to-rule-them-all.html
> > >
> > > The author claims to have contacted KDE regarding Konqueror and
> > > received no response. The bug itself is a unconstrained memory
> > > allocation using the select() JavaScript function (or something like
> > > that). I have not tested the vulnerability since I have to be up in
> > > about 6 hours to checkout of this hotel and hit the road again. :-/
> >
> > Yes, it's a rather simple way of allocating lots of memory, which can be
> > "addressed" by arbitrary limits. There are, however, lots of other ways
> > of doing it, and I could probably get any browser to OOM with a bit of
> > effort.
>
> The fix for this was committed today by Jaroslav Řezník.
Hi,
I missed this thread ;-) It's commited as #1001060. Thanks goes to Ianko from
our security response team for announcement. They serve us with KDE security
issues.
It's another bug caused by webdesigners... Length is read only by
specification!
Jaroslav
PS: I really like bug codename :D
More information about the kde-core-devel
mailing list