Killing web browsers - part II

Posted Oct 28, 2004 12:32 UTC (Thu) by iabervon (subscriber, #722) [Link]

Unless someone is actually attacking people, there's no reason to send input this broken, because it won't look like anything useful on browsers which don't crash. Furthermore, crashing browsers isn't really all that bad, provided that they crash cleanly (by referencing a pointer initialized to NULL, e.g.). When I was using an old version of Konqueror, it would crash reasonably frequently, and I'd restart it and avoid the site that did it.

Posted Oct 28, 2004 14:29 UTC (Thu) by bfields (subscriber, #19510) [Link]

While certainly it's incorrect behavior for a browser to crash on random input, why has no one seemed to notice it until now? How many YEARS have we been using the "Wild Wild Web" and how many times has it killed our browsers? Apparently, not too often. I think this whole vulnerability has been blown 'WAY out of proportion, given the relevant information. Harumph!

The problem is that these bugs are frequently security holes--for example the browser may be crashing on certain input because a buffer overflow in the processing of that input caused a crucial data structure to be overwritten; but with additional work such a buffer overflow can (and often is) turned into an exploit by crafting just the right piece of data to stick in that crucial data structure.

More generally, once a program starts behaving in a way it wasn't designed to, it is difficult to tell whether it still honors the security guarantees it was designed to honor.

--Bruce Fields