Quote:
Originally Posted by Brian
Here's how the plugin can cause us to crash:

Browser plugins have all the bad features of the memory system that OS 9 and earlier used, where apps could write information willy-nilly all over each other's memory.

We actually load browser plugins into our own address space; we give it a chunk of memory and trust it to stay within those boundaries. Sometimes it doesn't do so, unfortunately.

If a problem occurs in the plugin, all we get is a message from the system that says "hey, the plugin just wrote information outside of the space it was supposed to; I'm shutting it down." The plugin goes bye-bye, but we have to assume that the plugin just corrupted the information we stored in our own memory.

At that point, we have no good option other than to crash, or even worse things would happen down the line. (Say the plugin just wrote over the memory that we're using to store your bookmarks; you don't want that saved back out to disk when we shut down...)

From checking with the dev team, pretty much every browser operates this way and has this vulnerability.
Hey Brian, thanks so much for that info. It really helps. You guys should add stuff like that to the FAQ portion of this forum. Very, VERY helpful.
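Brian's description, as an added C example that is not from Brian or from any browser's code: a constructed "plugin" is handed a chunk inside the host's own memory, a canary sits right behind that chunk, and the shutdown path refuses to save the bookmarks once the canary shows the plugin overran its boundary (the host returns -1 here where a real browser would abort). The layout, canary value and bookmark string are all made up for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 64
#define CANARY 0xC0DEC0DE5AFE5AFEULL

/* Constructed in-process layout: the plugin's arena is followed directly by a
 * canary and then by host data. Not any real browser's memory map. */
struct host_state {
    uint8_t plugin_arena[ARENA_SIZE]; /* chunk the plugin is trusted to stay in */
    uint64_t canary;                  /* redzone marker; any change means an overrun */
    char bookmarks[32];               /* host data the plugin must never touch */
};

/* Constructed misbehaving plugin: fills n bytes of the arena it was handed.
 * With n > ARENA_SIZE it runs off the end into whatever the host placed next.
 * noinline + volatile keep the compiler from reasoning about the overrun. */
__attribute__((noinline)) static void plugin_write(uint8_t *arena, size_t n) {
    volatile uint8_t *p = arena;
    for (size_t i = 0; i < n; i++)
        p[i] = 'X';
}

static void host_init(struct host_state *h) {
    memset(h, 0, sizeof *h);
    h->canary = CANARY;
    strcpy(h->bookmarks, "https://example.invalid/"); /* constructed bookmark */
}

/* Shutdown path: bookmarks are persisted only if the redzone is intact.
 * Returns 0 on a clean save; -1 where a real host would abort() rather than
 * write possibly corrupted state back to disk. */
static int host_shutdown(const struct host_state *h, char *out, size_t outlen) {
    if (h->canary != CANARY)
        return -1;
    snprintf(out, outlen, "%s", h->bookmarks);
    return 0;
}

/* Whole scenario: the plugin writes n bytes, then the host shuts down.
 * Returns 0 if bookmarks were saved, -1 if the host refused after an overrun. */
int run_plugin_scenario(size_t n) {
    struct host_state h;
    char saved[32];
    host_init(&h);
    plugin_write(h.plugin_arena, n);
    return host_shutdown(&h, saved, sizeof saved);
}
```

Writing exactly ARENA_SIZE bytes saves cleanly; one byte more already trips the canary and the save is refused.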