
Flash Crash (Warning, may crash your browser) - zain
http://flashcrash.dempsky.org/
======
davidu
If it crashes you:

$ lynx --dump http://flashcrash.dempsky.org/

    
    
       If you are reading this from a browser using Adobe's Flash Player
       plug-in (i.e., if you see a blue rectangle below), it will probably
       crash within the next few seconds. :-(
       [EMBED]
    
         "Regarding crashing, I can tell you that we don't ship Flash with
         any known crash bugs, and if there was such a widespread problem
         historically Flash could not have achieved its wide use today,"
         Lynch wrote. "Addressing crash issues is a top priority in the
         engineering team, and currently there are open reports we are
         researching in Flash Player 10."
         [1]Adobe Defends Flash, Calls Apple Uncooperative
    
       This page exploits a bug that I reported to Adobe in September 2008,
       and has affected every release of Flash on every platform since then.
       Despite numerous email exchanges with the Flash product manager about
       the bug, the bug report being hidden from the public for "security"
       reasons, and Adobe CTO Kevin Lynch's claims otherwise, it continues to
       be an issue.
         * [2]Original Bugtraq posting
         * [3]CVE-2008-4546
         * [4]Link to Adobe JIRA bug report (not accessible to the public
           anymore)
         _________________________________________________________________
    
       Email: Matthew Dempsky <[5]matthew@dempsky.org>; Twitter: [6]@mdempsky
    

References

    
    
       1. http://www.pcmag.com/article2/0,2817,2358815,00.asp
       2. http://www.securityfocus.com/archive/1/archive/1/496929/100/0/threaded
       3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
       4. http://bugs.adobe.com/jira/browse/FP-677
       5. mailto:matthew@dempsky.org
       6. http://twitter.com/mdempsky

~~~
jdowdell
Player team update here, 6pm Saturday Pacific:
<http://blogs.adobe.com/emmy/archives/2010/02/flash_bug_repor.html>

------
m104
Much praise to the Google Chrome team for handling this sort of thing
gracefully.

~~~
ramchip
And much praise to the Opera team for just not crashing in the first place. I
can zoom in the blue square, move around, etc. and the page is still fine
after a minute or so leaving it open.

~~~
Niten
Can anyone enlighten me on this? I noticed the same thing:

* Viewing this page in Firefox 3.6 on Windows caused Flash to crash, taking the browser down with it.

* Viewing it in Chrome on the same machine caused the Flash plugin subprocess to crash, resulting in an error message in Chrome.

* However, no crash occurred in Opera. This despite the fact that 32-bit Opera on Windows does not appear to use isolated subprocesses for running NSAPI plugins.

So what's going on here? Does Opera use some sort of in-process isolation to
protect the browser from its plugins? Or is there perhaps some quirk of
running in the Opera environment that caused this Flash crash not to be
triggered like it was in Firefox and Chrome?

~~~
vimalg2
Adobe Flash on Opera/Linux has always been quirky, crashy and all-round
unreliable for me in the past. So, I use Opera as my pure-HTML+javascript
browser, with ALL plugins, sound, animation, and Java plugins turned off in
Global preferences.

Going off-topic [Opera praise]: These settings instantly turn Opera into the
most stable and shockingly scalable 'Research and reference' browser I've
used. I only use Firefox3.5.x solely for web-dev, Google Apps, heavy-JS Web
2.0 apps, and Flash-enabled sites of course (with Flashblock as first-line-
defence).

------
jdietrich
Within fifteen seconds of Flash Crash crashing my Flash, my laptop's fan
stopped for the first time today. I think I might just uninstall flash.

~~~
sjs
<https://addons.mozilla.org/en-US/firefox/addon/433>

<http://rentzsch.github.com/clicktoflash/>

<https://chrome.google.com/extensions/detail/cdngiadmnkhgemkimkhiilgffbjijcie>

------
chaosmachine
Put a warning in the title, please. Blind linking to a browser crashing demo
is not cool.

Edit: Thanks.

~~~
cmelbye
ClickToFlash for the win.

------
37prime
It seems Flash 10.1 beta is not affected by this bug.

~~~
maweaver
The linked bug report lists it as fixed in Flash Player 10 - 10_1_51_66, so
that sounds right.

------
vito
Firefox 3.6 on Ubuntu x64, Flash v10.0.32.18ubuntu1, seems to survive. Chrome
survives too, unsurprisingly. Come to think of it, doesn't Firefox have plugin
crash safety in place now?

Midori does insta-crash though.

~~~
icco
ff 3.5 on a similar setup crashes. 3.6 was when ff made itself less vulnerable
to this sort of thing, following webkit's and chrome's ideas on isolating
plugins.

~~~
mmastrac
Are you sure that's in 3.6? My 3.6 build doesn't have the
"dom.ipc.plugins.enabled" key in about:config.

I'm pretty sure it'll be landing in 3.7. Here's the tracking bug that shows
what's left to fix on it:
<https://bugzilla.mozilla.org/show_bug.cgi?id=539055>

------
kprobst
IE8 does not crash. Chrome handles the crash and shows a message. Firefox
dies.

------
grinich
ClickToFlash for Safari/Webkit on Mac is one of the best add-ons I've found.

<http://clicktoflash.com/> <http://github.com/rentzsch/clicktoflash>

~~~
philwelch
Yes, but oddly it seems to circumvent Safari's protective spawning of Flash to
a separate process when it does load. When I clicked the browser-crashing
Flash app, it actually crashed Safari, and Activity Monitor never picks up the
separate Flash process anymore.

~~~
chrisbolt
Are you sure you're not running Safari in 32-bit mode? The separation is only
set up when Safari is running in 64-bit. That setup worked fine for me;
clicking the plugin loaded it, and a few seconds later it crashed and turned
into the block without crashing Safari.

~~~
philwelch
It turns out I _was_ running Safari in 32 bit mode. I have no idea how that
got changed, though.

~~~
grinich
You could have changed it a while back to work with another plugin. For
example, video/voice chat for Gmail only works in 32-bit Safari.

------
zurcociremer
Weird, it doesn't crash on me here. I'm using Opera 10.10 browser on OS X
10.6.2

------
keltex
Steps to get Adobe to fix this bug:

1) Create a flash ad with this bug. Set to go off randomly

2) Put ad in a low-cost adwords campaign

------
Groxx
Yup, crash on mine. WebKit nightly on OSX, everything up-to-date. Thankfully,
it just crashes the plugin (though it holds up the browser for a bit),
everything keeps working.

------
catch23
I guess the Adobe CTO missed this one...

------
oldball
This isn't new either. Matthew posted this over a year ago.

------
strongsauce
How do we downvote for linking to the actual crash with no warning.

~~~
ax0n
Flag it. Linking to a page that links to the crash demo with appropriate
disclaimer? cool. Putting a warning in the submission title would have worked,
too.

------
Dbug
I confirmed the crash on iCab 5.0.7 Mac, Firefox 3.6 Mac, Safari 4.0.4 Mac and
Firefox 3.5.7 under Ubuntu 9.10 in Virtual Box 3.1.2. (Using latest updated
Snow Leopard)

~~~
Dbug
Oops, that was iCab 4.0.7

------
perekk
Opera 10.10 WinXP doesn't crash :-)

~~~
vimalg2
Yes, Opera/Windows handles Flash surprisingly well. The secret sauce is a
mystery.

------
electromagnetic
It's always nice to see bugs are addressed quickly . . . which is why I'm not
really surprised, Adobe products have always had a clunky feel to me and Flash
was genuinely a product destined for them.

------
metamemetics
Opera and Internet Explorer 8 display the page without crashing.

------
yread
Hm great! Now every malware writer has a code that crashes flash. Let's hope
Adobe releases the fix before there are exploits

------
joeyo
Didn't crash Gnash, but I'm not sure if it rendered "properly" either (I just
saw a blue rectangle.)

------
rajat
On Snow Leopard and Safari, the browser doesn't crash, but the Flash player
crashes.

~~~
Dbug
It's crashing for me with Snow Leopard 10.5.2 on a Core Duo (32 bit obviously)
and Safari

    Version: 4.0.4 (6531.21.10)
    Build Info: WebBrowser-65312110~2
    Code Type: X86 (Native)
    Parent Process: launchd [157]

    PlugIn Path: /Library/Internet Plug-Ins/Flash Player.plugin/Contents/MacOS/Flash Player
    PlugIn Identifier: com.macromedia.Flash Player.plugin
    PlugIn Version: 10.0.42 (1.0.4f348472)

    Date/Time: 2010-02-05 22:06:52.926 -0800
    OS Version: Mac OS X 10.6.2 (10C540)

------
jrockway
Yay for writing software in C. It crashes _really fast_!

------
papersmith
Seems fine with flash 10.1 beta 2, Safari on Mac.

------
arnorhs
Mine didn't crash... ????

------
itistoday
You know this whole Flash debacle is a real shame because Flash, at least the
concept of Flash, is really a great idea with lots of potential.

Flash allows people to create wonderful things (just visit newgrounds.com) but
Adobe's lack of commitment to improving it is dragging it down and could be
its unfortunate downfall.

~~~
barnaby
No it's not. No it doesn't.

Flash is a terrible concept just like Java Applets were a terrible concept,
and its only potential is annoying advertisements, slow splash pages that keep
away return visitors, and browser crashes.

------
freebsd_dude
Why are Flash's bugs only a problem when Steve Jobs mentions it? Is Flash
really a problem or are we just overcome by Jobs' reality distortion field?

Flash does stuff that HTML cannot currently do. In this respect hackers should
thank Adobe as Flash helped move applications off the desktop and onto the
web. When HTML5 has matured, the gaps in HTML will be filled and unless Flash
has something new to offer, it will be time to give it a heartfelt goodbye.

Adobe's saving grace is that it released FABridge - you can use Flash for
things it's good at, Ajax for everything else. Then when HTML5 has matured you
won't have to rewrite everything.

~~~
cracell
The issue is that Flash seems to be getting worse. And we see a light at the
end of the tunnel (new features being added to browsers to do what we use
Flash for).

So the building of frustration with Flash over time, a general dislike of
closed systems, and a light at the end of the tunnel has combined into the
general "fuck you flash" feelings that seem to have sprung up over the last
few months in developers. Which is awesome! As the web needs to outgrow
proprietary plugins.

~~~
freebsd_dude
"As the web needs to outgrow proprietary plugins."

I agree. What bothers me is all this "frustration" showing only after Steve
Jobs mentions it. I highly doubt his reason for bashing Adobe is due to his
love for open web standards --

What I don't get is how hackers can side with Apple against Adobe given the
iPhone App store mess... The model of the App store is against everything the
open web stands for -- I think hackers should be more upset with Apple than
Adobe.

------
sscheper
Well, it works.

------
radley
Sorry, nothing happened. Firefox on OSX.

Prolly the worst [anti-Flash] troll post so far.

~~~
radley
[Updated for technical clarity, rather than refuting bias]

Reading the original article, the issue seems to be with AVM1, the portion of
the Flash Player dedicated to legacy Flash (v8 and older). Flash Player was
updated in 2006 to include AVM2 and that's been Adobe's focus ever since.

Translation for HTML people: it's like pointing out IE6 bugs that still show
up in IE7.

This is nothing more than an out of date flame post.

(Downvoters: have you actually looked at the nature of the bug?)

~~~
evgen
Adobe's CTO claimed that they don't ship versions of Flash that are known to
crash. The bug this triggers is more than a year old and the only version it
does not crash is the most recent _beta_ version of Flash. The post merely
points out the deception in Lynch's claims.

~~~
radley
I updated my post to explain why the bug is irrelevant.

~~~
Dbug
Anything, including corrupt files, that can crash it is relevant because it is
also a security vulnerability.

~~~
radley
By my understanding, there will always be lots of ways to intentionally crash
a browser. I know very little about crash-related security vulnerabilities, so
I didn't see this threat as relevant.

~~~
scommab
I think you might be thinking of locking up the browser, rather than crashing
it. You can easily create a javascript program that will run a loop that will
make your browser non-reactive.

But this is very different: the plugin actually crashes. The security issue
comes into play because when the plugin crashes it is doing something it
wasn't designed to do. So (in theory) someone malicious could take this crash
and make the flash player do something specific it wasn't designed to do like
run some code outside of its sandbox. Which obviously would be a very big
deal.

This is different than the lock up/DoS case where a product is doing what it
is meant to do, but will just take a very long time (maybe forever) to finish
it.
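
The thread's distinction between a contained plugin crash, a crash that kills the browser, and a mere lock-up can be seen in a few lines. This is an added example, not part of any comment above or of any browser's code: a host runs a stand-in "plugin" in a child process and classifies the outcome. `run_isolated`, the `outcome` enum and the three stand-in plugins are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum outcome { PLUGIN_OK, PLUGIN_CRASHED, PLUGIN_HUNG, HOST_ERROR };

/* Constructed stand-ins for content handled by a plugin. */
static void plugin_ok(void)    { /* handles its input and returns */ }
static void plugin_crash(void) { signal(SIGSEGV, SIG_DFL); raise(SIGSEGV); } /* models a memory fault */
static void plugin_hang(void)  { for (;;) sleep(1); }                        /* models a lock-up */

/* Run plugin() in a child process so a fault cannot take the host down.
 * A death by signal is reported as a crash (with the signal number, for
 * security triage); exceeding timeout_ms is reported as a hang. */
enum outcome run_isolated(void (*plugin)(void), int timeout_ms, int *sig_out)
{
    pid_t pid = fork();
    if (pid < 0) return HOST_ERROR;
    if (pid == 0) { plugin(); _exit(0); }           /* child: the "plugin process" */

    const struct timespec tick = { 0, 10 * 1000 * 1000 };   /* poll every 10 ms */
    int status = 0;
    for (int waited = 0; ; waited += 10) {
        pid_t r = waitpid(pid, &status, WNOHANG);
        if (r == pid) break;                        /* child finished or died */
        if (r < 0) return HOST_ERROR;
        if (waited >= timeout_ms) {                 /* watchdog: treat as hang */
            kill(pid, SIGKILL);
            waitpid(pid, &status, 0);
            return PLUGIN_HUNG;
        }
        nanosleep(&tick, NULL);
    }
    if (WIFSIGNALED(status)) {
        if (sig_out) *sig_out = WTERMSIG(status);
        return PLUGIN_CRASHED;
    }
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? PLUGIN_OK : HOST_ERROR;
}

int main(void) {
    int sig = 0;
    printf("ok=%d ", run_isolated(plugin_ok, 500, &sig));
    printf("crash=%d ", run_isolated(plugin_crash, 500, &sig));
    printf("(signal %d) hang=%d\n", sig, run_isolated(plugin_hang, 100, &sig));
    return 0;
}
```

If `plugin_crash` were called directly in the host instead of through `run_isolated`, the host itself would die, which is the in-process behaviour several commenters report.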

