"One bug to rule them all" vulnerability in KJS?
jreznik at redhat.com
Wed Jul 22 19:47:32 BST 2009
On Wednesday 22 July 2009 20:19:34 David Faure wrote:
> On Friday 17 July 2009, Maksim Orlovich wrote:
> > On Friday 17 July 2009 00:21:03 Michael Pyne wrote:
> > > There is a flaw provocatively labeled "One bug to rule them all" at
> > > this link: http://www.g-sec.lu/one-bug-to-rule-them-all.html
> > >
> > > The author claims to have contacted KDE regarding Konqueror and
> > > received no response. The bug itself is an unconstrained memory
> > > that). I have not tested the vulnerability since I have to be up in
> > > about 6 hours to check out of this hotel and hit the road again. :-/
> > Yes, it's a rather simple way of allocating lots of memory, which can be
> > "addressed" by arbitrary limits. There are, however, lots of other ways
> > of doing it, and I could probably get any browser to OOM with a bit of
> > effort.
> The fix for this was committed today by Jaroslav Řezník.
I missed this thread ;-) It's committed as #1001060. Thanks go to Ianko from
our security response team for the announcement. They serve us with KDE security
It's another bug caused by web designers... Length is read only by
PS: I really like the bug codename :D