Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Bug Internet Explorer Microsoft Security

Bring Down Internet Explorer In Six Words 239

Posted by kdawson from the don't-you-think-she-looks-tired dept.
Marcion writes "Some handy Japanese guy called Hamachiya discovered a bug in Internet Explorer. Under certain conditions, an asterisk when used as a wildcard can crash IE as soon as the user attempts to go to another page." The article claims the "five HTML tags and a CSS declaration" crash IE7 as well as IE6, but I couldn't get IE7 to fail. This page says that as of June, IE6 was at about 37% market share and IE7 under 20%.
This discussion has been archived. No new comments can be posted.

Bring Down Internet Explorer In Six Words More

Bring Down Internet Explorer In Six Words

Comments Filter:

  • Hmm.. (Score:4, Informative)

    by wumpus188 ( 657540 ) on Wednesday August 08, 2007 @05:29AM (#20153867)
    It indeed crashes IE here... Windows 2K3, IE7

  • I know it's real subtle... (Score:3, Informative)

    by Etherwalk ( 681268 ) on Wednesday August 08, 2007 @05:57AM (#20154023)
    > as of June, IE6 was at about 37% market share

  • Re:If you don't speak Japanese.... (Score:5, Informative)

    by Barny ( 103770 ) on Wednesday August 08, 2007 @06:25AM (#20154153) Journal
    http://www.foxnews.com/story/0,2933,292245,00.html [foxnews.com]

    Ask and ye shall receive :)

    A bit anti-climactic really.

  • Re:html source is: (Score:3, Informative)

    by derrida ( 918536 ) on Wednesday August 08, 2007 @06:35AM (#20154201) Homepage
    And here is a link [nyud.net] to test it.

  • Re:Bring Down A Website In Six Words (Score:3, Informative)

    by Marcion ( 876801 ) on Wednesday August 08, 2007 @07:26AM (#20154465) Homepage Journal
    Classic, how cool is that! No smoke yet! Anyhow, here is the mirror if you can't get through right now:

    http://www.networkmirror.com/tQxFeWtOc31fVZfD/comm andline.org.uk/2007/how-to-bring-down-internet-exp lorer-with-six-words/index.html [networkmirror.com]

  • IE Usage @ w3schools? (Score:5, Informative)

    by asylumx ( 881307 ) on Wednesday August 08, 2007 @07:37AM (#20154517)

    as of June, IE6 was at about 37% market share and IE7 under 20%

    Yeah, but don't you think w3schools would be a bit biased? W3schools is a site full of tutorials and information for developers. Developers tend to prefer FireFox due to its robust plugin system and some of the excellent plugins for that system (Firebug, Web Tools, etc.) so I'm not surprised that FireFox has a higher rate of use on such a site. In fact, I am surprised that it's not higher!

  • Re:Is it crashed or not? (Score:5, Informative)

    by Bacon Bits ( 926911 ) on Wednesday August 08, 2007 @07:49AM (#20154601)
    It's not a crash, per se. It's a forced closure due to an illegal operation of one component of the browser with code in mshtml.dll.

    An exception was thrown that was not properly caught. The error is caused by improper error trapping. Otherwise, the browser would just render things improperly or claim there was an error on the page because it doesn't properly parse and render the style tag.

  • Funny, but not "Engrish" (Score:3, Informative)

    by Dogtanian ( 588974 ) on Wednesday August 08, 2007 @07:59AM (#20154659) Homepage

    I'm for replacing the current Slashdot moderation options with hilarious Engrish ones:
    Oh yeah, "It is strange funny".... that was one I loved. (I've been "reading" Slashdot Japan through Babelfish for quite a while now- that's where my sig comes from).

    However, it's misleading to call these "Engrish", as that normally refers to the use of bad English (or even pseudo-English) by the Japanese.

    By contrast, this is a quaint auto-translation of correctly-written Japanese. Okay, so the "cute" tone is probably down to the differences between Japanese language and culture as well... but it's still not Engrish per se.

  • So? One can easily crash Firefox too... (Score:4, Informative)

    by bradbury ( 33372 ) <`moc.liamg' `ta' `yrubdarB.treboR'> on Wednesday August 08, 2007 @08:24AM (#20154801) Homepage
    If the point of this item is to point out bugs in IE it isn't alone. I crashed a large Epiphany session with a segmentation violation a couple of days ago and its relatively easy to crash Firefox if you limit the amount of memory available using ulimit (Firefox doesn't catch "early" C++ memory allocation failures and handle them gracefully). Firefox also has the infamous "window unexpectedly destroyed" bug (#263160) for ~3 years (which will crash the browser if you attempt to close the untitled window).

    I suspect all of the Mozilla based browsers will effectively die if one throws enough "heavyweight" pages at them (i.e. those which are activity heavy [because there isn't a Javascript/Active HTML/Animated GIF scheduler]) or run out of swap space (again because memory allocation failures are not handled gracefully).

    IMO, developers place too much emphasis on feature enhancements rather than making the existing browsers run reliably (bugs shouldn't linger for 3 years), with a minimal machine footprint (Netscape 4.7x required significantly less memory than Firefox) and effective priority scheduling of the "top" window (user responsiveness).

  • Also crashes Outlook... (Score:4, Informative)

    by eglass1 ( 521686 ) on Wednesday August 08, 2007 @08:51AM (#20155031)
    If you include it in the body of an HTML mail message.

  • Re:Is it crashed or not? (Score:5, Informative)

    by GooberToo ( 74388 ) on Wednesday August 08, 2007 @09:05AM (#20155199)
    Pre-tell then, what is a crash?

    When an exception is thrown and is not properly caught. The error is caused by improper error trapping. This is a classic "crash." ;)

  • Re:Bring down my system in 13 chars. (Score:1, Informative)

    by Anonymous Coward on Wednesday August 08, 2007 @09:26AM (#20155463)
    Not entirely sure but it looks like a declaration of a recursive function with no base case. The function, named ':', is then called immediately after its declaration.
  • From here [euglug.org]

    It creates a function called ":" that accepts no arguments-- that's
    the ":(){ ... }" part of the utterance.

    The code in the function calls the recursively calls the function
    and pipes the output to another invocation of the function-- that's
    the ":|:" part. The "&" puts the call into the background-- that way
    the child process don't die if the parent exits or is killed. Note
    that by invoking the function twice, you get exponential growth in
    the number of processes (nasty!).

    The trailing ";" after the curly brace finishes the function definition
    and the last ":" is the first invocation of the function that sets off
    the bomb.

    Most unpleasant...


    Just replace ":" with some word, it will be easier to understand:

    kill(){kill|kill&};kill

    kill()
    {
    kill | kill &
    };
    kill

  • Re:IE Usage @ w3schools? (Score:3, Informative)

    by kebes ( 861706 ) on Wednesday August 08, 2007 @10:03AM (#20156057) Journal
    Yeah the w3schools [w3schools.com] stat of 34% firefox is higher than the global average. The Wikipedia page on browser share [wikipedia.org] summarizes statistics from a wide variety of sources (and includes links, of course). As can be seen, the values vary depending the location and types of sites used in the stats. According to some reports [xitimonitor.com], Firefox is nearing 28% usage across Europe. The global stats for generic sites seem to agree that Firefox usage is 12%-15%, versus Internet Explorer (all versions) being 75%-84%.

    Still, this is a huge shift from the 96% share IE had a few years back. The fact that some sites get 30% Firefox usage (actually I run a small site that gets 46% Firefox) means that web developers can no longer ignore coding to standards. This is a good thing.

  • Re:If you don't speak Japanese.... (Score:4, Informative)

    by uhmmmm ( 512629 ) <.uhmmmm. .at. .gmail.com.> on Wednesday August 08, 2007 @11:15AM (#20156975) Homepage
    Here's a quick translation I just did:

    Hello! Good afternoon!!!!!
    I stumbled across a browser crash, so today I'll tell you about it!

    Here it is!

    <style>*{position:relative}</style><table><input>< /table>

        Sample (If you're using IE, your browser will close! You have been warned!)

    It seems IE6 or programs using IE6 components will definitely crash!
    I haven't checked IE7 though!

    It seems to be when you have and input or select or such just below a table or tr or such,
    and you use the css wildcard * to set everything to position:relative.

    By the way, if the input has its style directly set to relative, it doesn't crash. What's up with that?
    I don't really get it, but it sure is interesting...!

    Anyone out there who loves Firefox or Opera should go spread this all over and decrease IE's market share!!!

  • Re:Tear in my eye (Score:3, Informative)

    by Miseph ( 979059 ) on Wednesday August 08, 2007 @11:23AM (#20157081) Journal
    Mac was taking it on the chin prior to about 2003 (when was it that Steve came back again?), their machines were lackluster and their marketing was weak. The release of OSX and their renewed marketing drive has brought them back from obscurity.

    This had nothing to do with FOSS, and everything to do with Apple reclaiming a large chunk of its niche who had moved to Windows (as a group, that is; many of the old school Mac users probably didn't migrate, but new users coming into the traditional Mac niches weren't flocking to Mac fast enough to maintain market share) in the absence of anything from Apple that could inspire them to pay the premium.

    This was totally unrelated to Linux/FOSS.

  • Re:Bring down my system in 13 chars. (Score:3, Informative)

    by bob.appleyard ( 1030756 ) on Wednesday August 08, 2007 @11:38AM (#20157337)
    The Bourne Shell, actually.

  • Re:Is it crashed or not? (Score:3, Informative)

    by ashitaka ( 27544 ) on Wednesday August 08, 2007 @12:19PM (#20157981) Homepage
    What does your office do? Hopefully nothing to do with computer development.

    What you just described is an application or process hanging. The app cannot respond to any user inputs or messages from the OS and the app or even the entire system in the worst case becomes unresponsive.

    When an app or process crashes it is no longer running and under a better-designed OS will have its memory cleaned up in garbage collection.

    (Developing since 1979)

  • Re:No. You're kidding. Can't be. (Score:4, Informative)

    by InsaneGeek ( 175763 ) <slashdot@RABBITi ... minus herbivore> on Wednesday August 08, 2007 @02:39PM (#20160327) Homepage
    > When was the last time you saw Firefox or Safari or Konquror able to be crashed with a malformed web page?

    Umm... 9 days ago?

    http://secunia.com/advisories/26201/ [secunia.com]

    The vulnerability is caused due to an input validation error within the handling of system default URIs with registered URI handlers (e.g. "mailto", "news", "nntp", "snews", "telnet"). This can be exploited to execute arbitrary commands when a user e.g. using Firefox visits a malicious website with a specially crafted "mailto" URI containing a "%" character and ends in a certain extension (e.g. ".bat", ".cmd")

    This command would make firefox go "away"
    mailto:test%25../../../../windows/system32/tskill. exe [mailto] firefox.cmd

  • Re:Tear in my eye (Score:3, Informative)

    by riceboy50 ( 631755 ) on Wednesday August 08, 2007 @02:49PM (#20160509)

    when was it that Steve came back again?
    1997 [wikipedia.org].

Slashdot Top Deals

Intel CPUs are not defective, they just act that way. -- Henry Spencer

Close