Browser Heaps

From: John Paterson <john9434@gmail.com>
To: vuln-dev@securityfocus.com
Cc:
Subject: Browser Heaps
Date:


I've been experimenting with browser heaps and have some questions. In
Internet Explorer I see two large heaps, one with the base at
0x00030000 and the other with the base at 0x00150000. From what I
understood, the heap at 0x00150000 is the process default heap and can
be manipulated by allocating and freeing strings in JavaScript, i.e. via
HeapLib. What is the first heap for, the one at 0x00030000? Is there
some way to manipulate it?

In Firefox I see just one large heap with the base at 0x00030000.
Apparently JavaScript strings can be used to manipulate it. However, I
was wondering whether there is some simple way to trigger garbage
collection in Firefox's JavaScript implementation, similar to calling
CollectGarbage() in Internet Explorer. Or is there some kind of
workaround for this?

Thanks in advance!
