Version: 3.5.3 (using KDE 3.5.3, Gentoo) Compiler: Target: i686-pc-linux-gnu OS: Linux (i686) release 2.6.17-gentoo-r4 Following the demonstration on this address causes Konqueror to allocate memory until it crashes: http://metasploit.com/users/hdm/tools/browserfun/mobb_028.html That happens using Konqueror 3.5.3. For comparison, Firefox 1.5.0.4 just allocates some (150 mb or so?) memory and releases it immediately.
*** Bug 131499 has been marked as a duplicate of this bug. ***
Still there in KDE 3.5.4. Increasing priority, as this is allows denial of service attacks.
Confirmed on 3.5.6. If the konqueror instance is not killed on time, this could lead to unpredictable kills by the kernel once all the available memory is allocated.
unchanged in 3.5.9 In 4.0.4 it only allocates ~300 mb and shows a messagebox "No Java plugin installed!" On a second try memory consumption goes up to ~600 mb which get released afterwards going back to 300 mb.
I can confirm this bug is gone in trunk r810280. As it's not likely there will be another 3.5.x version of konqueror I'm closing this bug.
From the comments I see here, it hasn't been fixed in 4.0.4. 300 or 600 mb memory seems too much for a "No java plugin installed!" popup, I think..?