Tuesday, June 26th, 2007

IE Memory Leaks Be-gone

Category: IE

We can all rejoice as their are officially no more memory leaks in IE.

Ok, there are probably still plenty, but it is good news to hear that with the MS07-033 security update we get:

General distribution release (GDR) fixes

A memory leak occurs in Internet Explorer 6 when you view a Web page that uses JScript scripting on a Windows XP-based computer (KB929874)

Mark Wubben is going to be speaking at the Ajax Experience in a few weeks so come chat memory leaks and more :)

Posted by Dion Almaer at 6:40 am

3.4 rating from 29 votes


Comments feed TrackBack URI

Who is Mark Wubben?

Comment by Martin — June 26, 2007

There’s no point in fixing memory leaks in IE6XP if they are not fixed in IE6Win2K !!! They should have fixed it years ago, now it’s too late.

So basically, IE6XP got a fix but XP users are forced to update to IE7. So what’s the real news here ? Another microsoft marketing lie ?

Comment by Laurent V. — June 26, 2007

sure has been a long time coming them fixing their garbage collection, guess since there will be little take-up on this patch there will still be a need for those tutorials on doing closures without causing an IE memory leak!

Comment by David G. Paul — June 26, 2007

This is good news for that tiny sliver of users that update regularly and have manually kept from upgrading their IE6.

This means absolutely nothing for developers.

You still have to code your app around the leaks for all the rest (read: majority) of the IE6 users out there. There’s really no point in coding a different version of your stuff for IE6sv1.

Where was this patch 4 years ago?

Comment by Thomas Aylott — June 26, 2007

Actually, this could be really really bad for developers.

If you setup a testing box with IE6 to test your app and you accidentally get the latest patched version of IE6, you’ll be blissfully unaware of all the memory leaks that your site has for the majority of IE6 users.


Thanks for helping us to ignore all our problems Microsoft!

Now if you could only come out with a simple standalone version of IE6, that would actually be helpful.

Comment by Thomas Aylott — June 26, 2007

Realistically the people that fixed and provided a patch for ie6 are probably not the same people that wrote the original ie6 version….so it may be something that we should just be grateful for and leave it at that.. (even if it is a little late)

Comment by Jesse Kuhnert — June 26, 2007

I Think Thomas is right on this one. This patch may be a benefit to the x% of IE6 users that install it, but it won’t help developers until at least say 95% of IE6 users install it, which will probably never happen.

Comment by K9 — June 26, 2007

Thomas…since when is it the software developer’s job to choose to leave bugs in their code instead of alleviating the issue for some percentage of users? You think a company should behave like this just so some potentially misinformed developers won’t be tricked into a false sense of security?

By that logic, why not open up all the security holes that have been patched in any product over time just in case some developers forget that some of their products users might not have the patches?

The best software will be produced if developers fix bugs and performance issues whenever possible, and those that use development platforms remain responsibly aware of legacy issues that have not yet had the time to fade away.

Be annoyed that IE6 had painful memory leaks in the first place…but don’t be annoyed that they are working to fix them.

Comment by Ben — June 26, 2007

You guys should be celebrating the fact that the software giant finally fixed one of their ancient bugs. In four or five years, everything you’ve developed now will work flawlessly. Isn’t MS great?

Comment by cdude — June 26, 2007

Great, maybe they can also fix their crappy decodeURI* implementation now.

Comment by Viktor — June 26, 2007

Ben I think you really don’t understand how supporting a browser such as IE 6 works, it is totally different than a specific product that runs on a specific platform and at any given time you can verify if it is updated and if not force the users to update their browser. Once they release a browser with a flaw, it will be circulating for years and you cannot simply fix it because not all the users will apply the fix- It will take years to get rid of it.

I think Thomas has a point. At this stage fixing some random bug in IE 6 and leaving the rest of bugs unfixed doesn’t really help anybody – hacks still must be implemented and so on. This just creates more confusion.

Comment by Bono — June 26, 2007


When a security hole is patched for, say, any operating system…can you, as a developer for that OS, make the assumption that everyone gets that patch, or are you responsible enough to still protect your software from the users who might still be vulnerable?

If you are a responsible developer, you are aware that some users may not have the patch, and you need to act in a way that protects them.

As a developer for IE6, I will always know that memory leaks may be present. Any web developer worth his salt is aware of this fact.

Does that mean that Microsoft should let things remain buggy just to constantly remind us by perpetuating the problem?

No. They should fix it for those they are able to help. We, as developers, should continue to protect those that are still vulnerable.

This is how good software is made. By both vendors and developers taking responsibility for users.

By your logic, Apple and MS should never release security patches unless they can be absolutely 100% sure that every user will immediately install them…for this “fear” of developers losing knowledge that the bug ever existed.

It’s a developers job to be aware. It’s a vendor’s job to fix bugs.

Comment by Ben — June 26, 2007

All XP users who keep their software updated will get this patch. Those who don’t will likely have other issues with their machine, browsers leaking memory won’t be causing it to run slower.

And I can imagine more interesting things to discuss than memory leaks ;-)

Comment by Mark Wubben — June 27, 2007

My guess is that Microsoft kept this well-known memory leak bug in IE intentionally (basically in order to prevent developers from building larger client-side browser-based applications). This politics seems to fail recently, so they might have considered to “resolve” the issue, since this has been in the end perceived as a “bug” (and thus added negative moment to the image of the browser in developer society). Also, worth noticing, the bug has never been a showstopper since it could be workarounded with a certain technic.

Comment by Lev Matematik — June 29, 2007

Leave a comment

You must be logged in to post a comment.