"One bug to rule them all" vulnerability in KJS?

by Bugzilla from mpyne@kde.org

There is a flaw provocatively labeled "One bug to rule them all" at this
link: http://www.g-sec.lu/one-bug-to-rule-them-all.html

The author claims to have contacted KDE regarding Konqueror and received
no response.  The bug itself is an unconstrained memory allocation using
the select() JavaScript function (or something like that).  I have not
tested the vulnerability since I have to be up in about 6 hours to
check out of this hotel and hit the road again. :-/

This is sent from my webmail and I haven't had time to check the mailing
lists; I apologize if this is a dupe.  If not, we may want to investigate
this since it's now publicly disclosed.

Regards,
 - Michael Pyne


Re: "One bug to rule them all" vulnerability in KJS?

by Maksim Orlovich-2

On Friday 17 July 2009 00:21:03 Michael Pyne wrote:
> There is a flaw provocatively labeled "One bug to rule them all" at this
> link: http://www.g-sec.lu/one-bug-to-rule-them-all.html
>
> The author claims to have contacted KDE regarding Konqueror and received
> no response.  The bug itself is an unconstrained memory allocation using
> the select() JavaScript function (or something like that).  I have not
> tested the vulnerability since I have to be up in about 6 hours to
> check out of this hotel and hit the road again. :-/

Yes, it's a rather simple way of allocating lots of memory, which can be
"addressed" by arbitrary limits. There are, however, lots of other ways of
doing it, and I could probably get any browser to OOM with a bit of effort.