Today the German magazine iX (Heise) posted a security issue on its news portal:
Windows bluescreen when showing too-big scaled images in the browser
The idea is quite simple:
<HTML>
<BODY>
<IMG SRC="./sweetydead.jpg" width="9999999" height="9999999">
</BODY>
</HTML>
I tried it and received no bluescreen. Perhaps the memory or hard disk runs full and then BANG. I don't know. My second notebook (3 GHz HT) runs this test and the CPU load goes up for a long time and the machine is no longer usable. The mouse also hangs. But after several minutes the task manager comes up (after CTRL-ALT-DEL).
Some other browsers (not all) also have this issue.
The problem is that it is quite simple to reproduce. An HTML email is enough and the image does not need to be big. How can such a bug be prevented in the development process?
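One defensive measure in front of the renderer, for example in a mail gateway or webmail sanitizer, is to cap numeric width/height attributes on IMG tags before the markup is displayed. The following is an added example, not code from the article or from Heise; the 4096-pixel limit and the names ImgClamp and clamp_images are assumptions.

```python
import html
import re
from html.parser import HTMLParser

MAX_DIM = 4096  # assumed per-side pixel cap, not a value from the article

class ImgClamp(HTMLParser):
    """Re-emit HTML, capping absolute width/height values on <img> tags."""

    def __init__(self, limit=MAX_DIM):
        super().__init__(convert_charrefs=False)  # keep entities as written
        self.limit, self.out, self.findings = limit, [], []

    def _tag(self, tag, attrs, close=""):
        parts = [tag]
        for name, value in attrs:
            if tag == "img" and name in ("width", "height") and value:
                # Leading digits, as a browser reads a dimension; "%" is relative.
                m = re.match(r"\s*(\d+)\s*(%?)", value)
                if m and not m.group(2) and int(m.group(1)) > self.limit:
                    self.findings.append((name, value))  # record for logging
                    value = str(self.limit)
            parts.append(name if value is None
                         else f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + close + ">")

    def handle_starttag(self, tag, attrs): self._tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")

def clamp_images(markup, limit=MAX_DIM):
    """Return (sanitized_markup, [(attribute, original_value), ...])."""
    parser = ImgClamp(limit)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.findings

# Sample input: the snippet shown in this post.
SAMPLE = ('<HTML>\n<BODY>\n<IMG SRC="./sweetydead.jpg" '
          'width="9999999" height="9999999">\n</BODY>\n</HTML>')

if __name__ == "__main__":
    clean, hits = clamp_images(SAMPLE)
    print(clean)
    print("clamped:", hits)
```

Dimensions set through CSS (a style attribute or a stylesheet) are not touched by this filter and need the same cap in a CSS-aware sanitizer.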
What I wonder about is the ethical question. Should Heise wait until the bug (bug?) is fixed before making the issue public?