Vulnerability Development: Browser Heaps

Browser Heaps

From: John Paterson <john9434_at_gmail.com>
Date: Mon, 5 Nov 2007 16:40:27 +0100

I've been experimenting with Browser heaps and have some questions. In
Internet Explorer I see two large heaps, one with the base at
0x00030000 and the other with the base at 0x00150000. From what I
understood, the heap at 0x00150000 is the process default heap and can
be manipulated by allocating and freeing strings in JavaScript via i.e.
HeapLib. What is the first heap for, the one at 0x00030000? Is there
some way to manipulate it?

In Firefox I see just one large heap with the base at 0x00030000.
Apparently JavaScript strings can be used to manipulate it. However, I
was wondering whether there is some kind of simple way to trigger garbage
collection in the Firefox JavaScript implementation, similarly to calling
CollectGarbage() in Internet Explorer. Or is there some kind of
workaround for this?

Thanks in advance!
Received on Nov 05 2007
