Well well, if you haven’t already, stop using Safari! This script is very simple and very critical: it causes an Access Violation exception in WebKit.dll, which several browsers are based upon. Luckily, Google Chrome is sufficiently sandboxed and cannot be exploited through this vulnerability.

The script simply fills the DOM document with <marquee> tags and, within seconds, causes both Safari and Opera to crash. Opera does not run WebKit, however; it turned out that the exploit made it crash for other reasons (http://secunia.com/advisories/39590).

I was going to debug this, but Visual Studio 2010 was unable to analyze the process. However, OllyDbg said:

Don’t know how to step because memory at address FFF3F5FB is not readable. Try to change EIP or pass exception to program.

I have only tested this in Safari and Chrome. Feel free to comment if you test it in another WebKit-based browser and tell us your results.

The exploit can be found here.

Update: Apparently Konqueror does not run WebKit. I’m sorry for this mistake, and thanks to “Arioch” for pointing it out.