LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Handling kernel security problems

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

How to kill a web browser

How to kill a web browser

Posted Oct 21, 2004 11:23 UTC (Thu) by melevittfl (guest, #5409)
Parent article: How to kill a web browser

I don't think it's fair to call this a security issue.

The worst that heppens is you restart the browser and avoid loading the same page.

I also don't think this means IE is "better" or "higher quality" or whatever.

All this means is that someone at MS wrote a test case that fed garbage HTML to the browser and then they fixed it whenever it crashed. It's not as if they are just magically smarter or better, they just had the resources to test a wider coverage.

(Log in to post comments)

How to kill a web browser

Posted Oct 21, 2004 11:56 UTC (Thu) by zezaz (subscriber, #5465) [Link]

This is most probably a security issue. If firefox dies like this, it should not be too hard for a competent cracker to write a page that relies on a buffer overflow to execute code on the client PC. This is not just about your browser dying.

I don't think that this article said there was magic in MSIEs more robust behaviour on this tests either. One of the biggest strengths of MS is the ability to hire the resources to make their products adhere to some quality standards. They relied on this to overcome all their concurrents.

This ability certainly has been much underestimated by many, claiming that IE was horribly bug-ridden, whereas mozilla/firefox/links/emacs-w3-mode... was much better because of code quality. This is the point of this article, and i completely agree with its author. MS should not be underestimated, and opensource programs should not be overestimated.

How to kill a web browser

Posted Oct 21, 2004 23:00 UTC (Thu) by jonabbey (subscriber, #2736) [Link]

En anglais, on dit 'competitor', et non 'concurrent'. ;-)

How to kill a web browser

Posted Oct 28, 2004 10:30 UTC (Thu) by zezaz (subscriber, #5465) [Link]

Drat! Je sentais bien que ça ne collait pas! Concurrent est un superbe faux ami, merci de la correction :)

How to kill a web browser

Posted Oct 21, 2004 17:19 UTC (Thu) by smoogen (subscriber, #97) [Link]

All this means is that someone at MS wrote a test case that fed garbage HTML to the browser and then they fixed it whenever it crashed. It's not as if they are just magically smarter or better, they just had the resources to test a wider coverage.

They might even have used a bunch of tests that Spyglass QA (the original writers of MSIE1.0) gave them as part of the sale. Netscape also had a large testing amount of pages that contained lots of bad text for people to try at. The main issue is that it is man-power intensive in looking at pages and seeing a) if a crash occurred and b) where it occurred.

How to kill a web browser

Posted Oct 21, 2004 20:08 UTC (Thu) by Baylink (subscriber, #755) [Link]

Wow, a large collection of HTML pages broken in various ways for testing browsers. That sounds like a project suited to the Open Source Community...

How to kill a web browser

Posted Oct 22, 2004 2:53 UTC (Fri) by bronson (subscriber, #4806) [Link]

Heck, that sounds like the World Wide Web!

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.