Bug#568485: webkit: denial-of-service via javascript document.write()

Alberto Garcia berto at igalia.com
Tue May 13 12:02:21 UTC 2014

On Fri, Feb 05, 2010 at 12:07:00PM -0500, Michael Gilbert wrote:

> > This is a pathetic description, and it has nothing to do with the
> > javascript engine. Writing an html page with that much <marquee>
> > tags will have the same effect. I'm also pretty sure you can find
> > other "advisories" for various other kinds of similar bad handling
> > of massive content.
> I know, but it's now a published issue, and it works. The impact
> isn't at all important, but it's worth tracking, I guess.

I tested this, and it indeed freezes the browser tab, as expected.

In Chromium you just close the affected tab and the problem is solved.
Iceweasel does not handle it as nicely, but it pops a dialog after a
few seconds asking you if you want to stop the script. The tab can
also be closed and the browser keeps running normally.

Same with Epiphany, you can close the affected tab just fine. In this
last case, though, my tests suggest that the memory from that tab is
not freed, so we might have a legitimate case of a memory leak here.

If I'm not wrong, Epiphany 3.12 uses one web process per tab, so
it's probably not affected by this problem, but I think it's worth
investigating the leak a bit further because it may affect other
applications using webkitgtk.
