Bug 19270
| Summary: | WebKit crashes running IE Bait & Switch attack page | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Eric Seidel (no email) <eric> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WORKSFORME | ||
| Severity: | Normal | CC: | abarth, ap, sam |
| Priority: | P1 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | PC | ||
| OS: | Windows XP | ||
| URL: | http://lcamtuf.coredump.cx/ierace/ | ||
Eric Seidel (no email)
WebKit crashes running IE Bait & Switch attack page
Mac Safari does not seem vulnerable to the IE Bait and Switch attack. I don't really suspect that Win Safari is either. However, closing the attack window (the window which pops up and loads google.pl repeatedly) while the test is running crashes Safari.
I was using Safari 3.1 with heap-checking enabled (gflags.exe).
1. Open http://lcamtuf.coredump.cx/ierace/
2. Click on "Click here to begin test"
3. Close the window that appears and is running the test (opening google.pl repeatedly).
4. Crash!
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
Eric, does this still happen for you? Could you attach a crash log?
Eric Seidel (no email)
I haven't used Windows Safari in a very long time.