DOM flaw can crash many browsers
A proof-of-concept shows that not all browsers are affected by the problem. In a test on a Windows Vista system, only Internet Explorer 8 was affected and crashed. Firefox, Safari and Chrome seemed unaffected. Opera used a large amount of RAM but remained operational – according to G-SEC this problem is fixed in the forthcoming version.
G-SEC say that, Firefox 2.0.19 and 3.0.5 fix the problem, but earlier versions will use up all available memory and then crash, as will older versions of Chrome and Safari. On a system with Konquerer and Ubuntu, it was found that either the browser crashed or the system rebooted. The reboot is apparently caused by Ubuntu's memory management system killing a random process, rather than the memory hogging process.
Thierry Zoller points out that this is an old vulnerability, first found nine years ago in Netscape 6. As other browsers vendors sought to make their browsers compatible, the same mistake was made in all common browser engines before G-SEC brought it to their attention.